STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must produce audit records containing information to establish when (date and time) the events occurred.

DISA Rule

SV-222473r508029_rule

Vulnerability Number

V-222473

Group Title

SRG-APP-000096

Rule Version

APSC-DV-000980

Severity

CAT II

CCI(s)

• CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.

Weight

10

Fix Recommendation

Configure the application or application server to include the date and the time of the event in the audit logs.

Check Contents

Access the application logs and review the log entries for date and time. Each event written into the log must have a corresponding date and time stamp associated with it.

If the audit logs do not have a corresponding date and time associated with each event, this is a finding.

Vulnerability Number

V-222473

Documentable

False

Rule Version

APSC-DV-000980

Severity Override Guidance

Access the application logs and review the log entries for date and time. Each event written into the log must have a corresponding date and time stamp associated with it.

If the audit logs do not have a corresponding date and time associated with each event, this is a finding.

Check Content Reference

M

Target Key

4093

Comments