STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must use cryptographic mechanisms to protect the integrity of log information.

DISA Rule

SV-204739r508029_rule

Vulnerability Number

V-204739

Group Title

SRG-APP-000126

Rule Version

SRG-APP-000126-AS-000085

Severity

CAT II

CCI(s)

CCI-001350 - The information system implements cryptographic mechanisms to protect the integrity of audit information.

Weight

Fix Recommendation

Configure the application server to hash and sign logs using cryptographic means.

Alternatively, configure the application server or OS to send logs to a centralized log server that meets the hashing and signing requirement.

Check Contents

Review the application server documentation and configuration to determine if the application server can be configured to protect the integrity of log data using cryptographic hashes and digital signatures. Configure the application server to hash and sign log data. This is typically done the moment when log files cease to be written to and are rolled over for storage or offloading.

Alternatively, if the application server is not able to hash and sign log data, the task can be delegated by configuring the application server or underlying OS to send logs to a centralized log management system or SIEM that can meet the requirement.

If the application server is not configured to hash and sign logs, or is not configured to utilize the aforementioned OS and centralized log management resources to meet the requirement, this is a finding.

The application server must use cryptographic mechanisms to protect the integrity of log information.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments