STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must provide centralized management and configuration of the content to be captured in log records generated by all application components.

DISA Rule

SV-204787r508029_rule

Vulnerability Number

V-204787

Group Title

SRG-APP-000356

Rule Version

SRG-APP-000356-AS-000202

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Configure the application server to allow centralized management and configuration of the content to be captured in log records.

Check Contents

Review application server documentation and configuration to determine if the application server is part of a cluster.

If the application server is not part of a cluster, this requirement is NA.

If the application server is part of a cluster, verify that the log settings are managed and configured from a centralized management server.

If the log settings are not centrally managed, this is a finding.

Vulnerability Number

V-204787

Documentable

False

Rule Version

SRG-APP-000356-AS-000202

Severity Override Guidance

Review application server documentation and configuration to determine if the application server is part of a cluster.

If the application server is not part of a cluster, this requirement is NA.

If the application server is part of a cluster, verify that the log settings are managed and configured from a centralized management server.

If the log settings are not centrally managed, this is a finding.

Check Content Reference

M

Target Key

2900

Comments