STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

For applications providing audit record aggregation, the application must compile audit records from organization-defined information system components into a system-wide audit trail that is time-correlated with an organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail.

DISA Rule

SV-222439r561233_rule

Vulnerability Number

V-222439

Group Title

SRG-APP-000086

Rule Version

APSC-DV-000600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to correlate time stamps when aggregating audit records.

Check Contents

Review the application documentation and interview the application administrator.

Determine if the application has the ability to compile audit records from multiple systems or system components.

If the application does not provide log aggregation services, this requirement is not applicable.

Identify the systems that comprise the application.

Access each system comprising the application or a random sample of several application systems. Review the application logs and obtain date and time stamps for several random audit events. Record the information.

Access the server providing the log aggregation. Access the application logs that have been written to the server and compare the samples obtained from the application systems to the aggregated logs. Ensure the dates and time stamps correlate with one another.

If the log dates and times do not correlate when the logs are aggregated, this is a finding.
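The comparison described in the check, as an added example that is not part of the STIG: it normalizes sampled source time stamps and their aggregated copies to UTC and reports any pair whose difference exceeds the tolerance. The 2-second tolerance, system names, event IDs and log values are constructed assumptions; reporting a sample that is absent from the aggregated trail is also an assumption of this example.

```python
from datetime import datetime, timedelta, timezone

TOLERANCE = timedelta(seconds=2)  # assumed organization-defined tolerance

# Constructed samples: (system, event_id, time stamp as written by the source)
SOURCE_SAMPLES = [
    ("web01", "evt-1001", "2020-10-23T09:15:02-04:00"),
    ("app01", "evt-2001", "2020-10-23T13:15:05+00:00"),
    ("db01", "evt-3001", "2020-10-23T08:15:09-05:00"),
    ("db01", "evt-3002", "2020-10-23T08:16:40-05:00"),
]
# Constructed aggregated trail, keyed by (system, event_id)
AGGREGATED = {
    ("web01", "evt-1001"): "2020-10-23T13:15:02+00:00",
    ("app01", "evt-2001"): "2020-10-23T13:15:06+00:00",
    # Aggregator kept the local wall-clock time but dropped the -05:00 offset
    ("db01", "evt-3001"): "2020-10-23T08:15:09+00:00",
}

def to_utc(stamp):
    """Parse an ISO 8601 stamp; reject stamps without an offset, which cannot be correlated."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        raise ValueError(f"time stamp has no UTC offset: {stamp}")
    return parsed.astimezone(timezone.utc)

def correlate(samples, aggregated, tolerance=TOLERANCE):
    """Return (system, event_id, reason) for every sample that fails the comparison."""
    discrepancies = []
    for system, event_id, src_stamp in samples:
        agg_stamp = aggregated.get((system, event_id))
        if agg_stamp is None:
            # Assumption: a sample that cannot be located is reported for follow-up
            discrepancies.append((system, event_id, "not in aggregated trail, cannot compare"))
            continue
        skew = abs(to_utc(agg_stamp) - to_utc(src_stamp))
        if skew > tolerance:
            discrepancies.append((system, event_id, f"skew {skew} exceeds {tolerance}"))
    return discrepancies

if __name__ == "__main__":
    for item in correlate(SOURCE_SAMPLES, AGGREGATED):
        print("DISCREPANCY:", *item)
```

The `db01` sample shows a common cause of non-correlating records: an aggregator that stores the source's local wall-clock time as if it were UTC, producing a skew equal to the source's UTC offset.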

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093
