STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must generate audit records showing starting and ending time for user access to the system.

DISA Rule

SV-222464r508029_rule

Vulnerability Number

V-222464

Group Title

SRG-APP-000505

Rule Version

APSC-DV-000850

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application or application server to record the start and end time of user session activity.

Check Contents

Review and monitor the application logs.

Initiate a user session and observe if the log includes a time stamp showing the start of the session.

Terminate the user session and observe if the log includes a time stamp showing the end of the session.

If the start and the end time of the session are not recorded in the logs, this is a finding.

Vulnerability Number

V-222464

Documentable

False

Rule Version

APSC-DV-000850

Severity Override Guidance

Review and monitor the application logs.

Initiate a user session and observe if the log includes a time stamp showing the start of the session.

Terminate the user session and observe if the log includes a time stamp showing the end of the session.

If the start and the end time of the session are not recorded in the logs, this is a finding.

Check Content Reference

M

Target Key

4093

Comments