STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version 5, Release 1, Benchmark Date: 23 Oct 2020

The application must generate audit records for all account creations, modifications, disabling, and termination events.

DISA Rule

SV-222467r508029_rule

Vulnerability Number

V-222467

Group Title

SRG-APP-000509

Rule Version

APSC-DV-000880

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to log user account creation, modification, disabling, and termination events.

Check Contents

Log on to the application as an administrative user.

Navigate to the user account management functionality. If no user management capability exists within the application, refer to the Enterprise Active Directory or LDAP user management interfaces.

Monitor and review the log where the application's user activity is recorded.

Create an application test account and then review the log to ensure a log record that documents the event is created.

Modify the test account and then review the log to ensure a log record that documents the event is created.

Disable the test account and then review the log to ensure a log record that documents the event is created.

Terminate/Remove the test account and then review the log to ensure a log record that documents the event is created.

If log events are not created that document all of these events, this is a finding.

If some, but not all, of the aforementioned events are documented in the logs, this is a finding.

Findings should document which of the events were not logged.
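The fix and the check above describe the same requirement from two sides: the application must emit an audit record for every account creation, modification, disabling and termination, and the reviewer confirms each of the four by exercising a test account and reading the log. The following Python module is an added illustration, not code from the STIG, DISA or STIGQter: `AccountService` is a hypothetical account-management layer that writes one JSON audit line per lifecycle change (including failed attempts, which are worth auditing too), and `run_check_procedure` walks the check steps against a constructed test account and returns the list of required events that never appeared, which is exactly what a finding must document. All names, the event vocabulary and the record fields are assumptions.

```python
import json
import time
from typing import Dict, List, Optional

# The four account lifecycle events APSC-DV-000880 requires to be audited (names assumed).
REQUIRED_ACCOUNT_EVENTS = (
    "account_created",
    "account_modified",
    "account_disabled",
    "account_terminated",
)


class AuditLog:
    """Append-only, in-memory audit sink (stand-in for a syslog/SIEM forwarder)."""

    def __init__(self) -> None:
        self.records: List[Dict] = []

    def emit(self, event: str, actor: str, subject: str,
             outcome: str = "success", details: Optional[Dict] = None) -> Dict:
        record = {
            "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "event": event,        # what happened
            "actor": actor,        # who performed the action
            "subject": subject,    # which account was affected
            "outcome": outcome,    # "success" or "failure"; failed attempts are logged too
            "details": details or {},
        }
        self.records.append(record)
        print(json.dumps(record))  # one JSON line per record, easy to ship and grep
        return record


class AccountService:
    """Hypothetical account-management layer that audits every lifecycle change."""

    def __init__(self, audit: AuditLog) -> None:
        self.audit = audit
        self.accounts: Dict[str, Dict] = {}

    def create(self, actor: str, username: str, role: str) -> None:
        if username in self.accounts:
            self.audit.emit("account_created", actor, username, "failure", {"reason": "exists"})
            raise ValueError(f"account {username} already exists")
        self.accounts[username] = {"role": role, "enabled": True}
        self.audit.emit("account_created", actor, username, details={"role": role})

    def modify(self, actor: str, username: str, **changes) -> None:
        account = self._require(actor, "account_modified", username)
        before = {k: account.get(k) for k in changes}
        account.update(changes)
        # Record old and new values so a reviewer sees what changed, not only that it changed.
        self.audit.emit("account_modified", actor, username,
                        details={"before": before, "after": changes})

    def disable(self, actor: str, username: str) -> None:
        account = self._require(actor, "account_disabled", username)
        account["enabled"] = False
        self.audit.emit("account_disabled", actor, username)

    def terminate(self, actor: str, username: str) -> None:
        self._require(actor, "account_terminated", username)
        del self.accounts[username]
        self.audit.emit("account_terminated", actor, username)

    def _require(self, actor: str, event: str, username: str) -> Dict:
        account = self.accounts.get(username)
        if account is None:
            # An attempt against a non-existent account still produces a (failure) record.
            self.audit.emit(event, actor, username, "failure", {"reason": "no such account"})
            raise KeyError(username)
        return account


def missing_account_events(records: List[Dict], subject: str) -> List[str]:
    """Return the required events that have no successful record for this account."""
    seen = {r["event"] for r in records
            if r["subject"] == subject and r["outcome"] == "success"}
    return [e for e in REQUIRED_ACCOUNT_EVENTS if e not in seen]


def run_check_procedure(test_user: str = "stig_test_account", admin: str = "admin") -> List[str]:
    """Walk the STIG check steps (create, modify, disable, terminate) and report gaps."""
    audit = AuditLog()
    svc = AccountService(audit)
    svc.create(admin, test_user, role="user")
    svc.modify(admin, test_user, role="auditor")
    svc.disable(admin, test_user)
    svc.terminate(admin, test_user)
    return missing_account_events(audit.records, test_user)


if __name__ == "__main__":
    gaps = run_check_procedure()
    print("finding" if gaps else "not a finding", gaps)
```

`missing_account_events` only counts successful records, so a failed modification does not satisfy the "modify" step; an empty list corresponds to "not a finding", and a non-empty list is the list of unlogged events the finding should name.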

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093

Comments