STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must provide the capability to centrally review and analyze audit records from multiple components within the system.

DISA Rule

SV-222487r508029_rule

Vulnerability Number

V-222487

Group Title

SRG-APP-000111

Rule Version

APSC-DV-001130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application so all of the applications logs are available for review from one centralized location.

Check Contents

Review system documentation and interview application administrator for details regarding application architecture and logging configuration. Identify the application components, the logs that are associated with the components and the locations of the logs.

If the application utilizes a centralized logging system that provides the capability to review the log files from one central location, this requirement is not applicable.

Access the application's log management utility and review the log files. Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.

If all of the application logs are not reviewable from a central location, this is a finding.

Vulnerability Number

V-222487

Documentable

False

Rule Version

APSC-DV-001130

Severity Override Guidance

Review system documentation and interview application administrator for details regarding application architecture and logging configuration. Identify the application components, the logs that are associated with the components and the locations of the logs.

If the application utilizes a centralized logging system that provides the capability to review the log files from one central location, this requirement is not applicable.

Access the application's log management utility and review the log files. Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.

If all of the application logs are not reviewable from a central location, this is a finding.

Check Content Reference

M

Target Key

4093

Comments