STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must produce log records containing information to establish what type of events occurred.

DISA Rule

SV-204721r508029_rule

Vulnerability Number

V-204721

Group Title

SRG-APP-000095

Rule Version

SRG-APP-000095-AS-000056

Severity

CAT II

CCI(s)

CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

Fix Recommendation

Configure the application server to include the event type in the log data.

Check Contents

Review the application server log configuration to determine if the application server produces log records showing what type of event occurred.

If the log data does not show the type of event, this is a finding.

Vulnerability Number

V-204721

Documentable

False

Rule Version

SRG-APP-000095-AS-000056

Severity Override Guidance

Check Content Reference

Target Key

2900

The application server must produce log records containing information to establish what type of events occurred.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments