STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222431r508029_rule
V-222431
SRG-APP-000343
APSC-DV-000520
CAT II
10
Configure the application to write log entries when privileged functions are executed. At a minimum, ensure the specific action taken, date and time of event are recorded.
Log on to the application as an administrative user.
Identify functionality within the application that requires utilizing the admin role.
Monitor application logs while performing privileged functions within the application.
Perform administrative types of tasks such as adding or modifying user accounts, modifying application configuration, or managing encryption keys.
Review logs for entries that indicate the administrative actions performed were logged.
Ensure the specific action taken, date and time or event is recorded.
If the execution of privileged functionality is not logged, this is a finding.
V-222431
False
APSC-DV-000520
Log on to the application as an administrative user.
Identify functionality within the application that requires utilizing the admin role.
Monitor application logs while performing privileged functions within the application.
Perform administrative types of tasks such as adding or modifying user accounts, modifying application configuration, or managing encryption keys.
Review logs for entries that indicate the administrative actions performed were logged.
Ensure the specific action taken, date and time or event is recorded.
If the execution of privileged functionality is not logged, this is a finding.
M
4093