STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must provide a log reduction capability that supports on-demand reporting requirements.

DISA Rule

SV-204759r508029_rule

Vulnerability Number

V-204759

Group Title

SRG-APP-000181

Rule Version

SRG-APP-000181-AS-000255

Severity

CAT II

CCI(s)

• CCI-001876 - The information system provides an audit reduction capability that supports on-demand reporting requirements.

Weight

10

Fix Recommendation

Configure the application server to provide and utilize log reduction with on-demand reporting or configure the application server to send its logs to a centralized log log system that provides log reduction and on-demand reporting functions.

Check Contents

Review application server product documentation and server configuration to determine if the application server is configured to provide log reduction with on-demand reporting.

If the application server is not configured to provide log reduction with on-demand reporting, or is not configured to send its logs to a centralized log system, this is a finding.

Vulnerability Number

V-204759

Documentable

False

Rule Version

SRG-APP-000181-AS-000255

Severity Override Guidance

Review application server product documentation and server configuration to determine if the application server is configured to provide log reduction with on-demand reporting.

If the application server is not configured to provide log reduction with on-demand reporting, or is not configured to send its logs to a centralized log system, this is a finding.

Check Content Reference

M

Target Key

2900

Comments