STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must protect log tools from unauthorized access.

DISA Rule

SV-204735r508029_rule

Vulnerability Number

V-204735

Group Title

SRG-APP-000121

Rule Version

SRG-APP-000121-AS-000081

Severity

CAT II

CCI(s)

• CCI-001493 - The information system protects audit tools from unauthorized access.

Weight

10

Fix Recommendation

Configure the application server or OS to protect log tools from unauthorized access.

Check Contents

Review the application server documentation and server configuration to determine if the application server protects log tools from unauthorized access.

Request a system administrator attempt to access log tools while logged into the server in a role that does not have the requisite privileges.

If the application server does not protect log tools from unauthorized access, this is a finding.

Vulnerability Number

V-204735

Documentable

False

Rule Version

SRG-APP-000121-AS-000081

Severity Override Guidance

Review the application server documentation and server configuration to determine if the application server protects log tools from unauthorized access.

Request a system administrator attempt to access log tools while logged into the server in a role that does not have the requisite privileges.

If the application server does not protect log tools from unauthorized access, this is a finding.

Check Content Reference

M

Target Key

2900

Comments