STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

The application must log user actions involving access to data.

DISA Rule

SV-222471r508029_rule

Vulnerability Number

V-222471

Group Title

SRG-APP-000095

Rule Version

APSC-DV-000960

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Identify the specific data elements requiring protection and audit access to the data.

Check Contents

Review and monitor the application logs. When accessing data, the logs are most likely database logs.

If the application design documents include specific data elements that require protection, ensure user access to those data elements is logged.

Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists.

Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.

If successful access to application data elements is not recorded in the logs, this is a finding.
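The check above can be scripted once the reviewer has a list of the accesses they performed. The following is an added example, not part of the STIG or of STIGQter: it compares performed accesses against a log and reports any successful access that has no matching entry. The JSON-lines log format, the field names (`user`, `action`, `element`, `outcome`) and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample log in JSON-lines form; format and field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2020-10-23T14:00:05Z", "user": "jdoe", "action": "browse", "element": "patient.ssn", "outcome": "success"}
{"ts": "2020-10-23T14:01:10Z", "user": "jdoe", "action": "search", "element": "patient.ssn", "outcome": "success"}
{"ts": "2020-10-23T14:02:30Z", "user": "asmith", "action": "report", "element": "patient.ssn", "outcome": "success"}
unstructured line written by another subsystem
"""

# Constructed sample: accesses the reviewer performed as the regular user "jdoe"
# (browse, query/search and report generation, as the check describes).
PERFORMED = [
    ("jdoe", "browse", "patient.ssn"),
    ("jdoe", "search", "patient.ssn"),
    ("jdoe", "report", "patient.ssn"),
]


def parse_log(text):
    """Return the set of (user, action, element) tuples for successful accesses."""
    seen = set()
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not an audit record in the assumed format
        if not isinstance(entry, dict) or entry.get("outcome") != "success":
            continue
        seen.add((entry.get("user"), entry.get("action"), entry.get("element")))
    return seen


def unlogged_accesses(performed, log_text):
    """Accesses that were performed but have no matching log entry."""
    logged = parse_log(log_text)
    # Match on user as well as element: another user's entry does not
    # show that this user's access was recorded.
    return [access for access in performed if access not in logged]


def is_finding(performed, log_text):
    """True when any successful access is missing from the log."""
    return bool(unlogged_accesses(performed, log_text))


if __name__ == "__main__":
    for user, action, element in unlogged_accesses(PERFORMED, SAMPLE_LOG):
        print(f"FINDING: no log entry for {user} {action} {element}")
```

In the sample, the report generated by `jdoe` is missing from the log, and the entry for `asmith` against the same data element does not satisfy it.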

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4093
