STIGQter STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 2 Release: 7 Benchmark Date: 25 Oct 2019: The application server must generate log records containing information that establishes the identity of any individual or process associated with the event.

DISA Rule

SV-46469r3_rule

Vulnerability Number

V-35182

Group Title

SRG-APP-000100-AS-000063

Rule Version

SRG-APP-000100-AS-000063

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application server logging system to log the identity of the user or process related to the events.

Check Contents

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the application server does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Vulnerability Number

V-35182

Documentable

False

Rule Version

SRG-APP-000100-AS-000063

Severity Override Guidance

Review application server documentation and the log files on the application server to determine if the logs contain information that establishes the identity of the user or process associated with log event data.

If the application server does not produce logs that establish the identity of the user or process associated with log event data, this is a finding.

Check Content Reference

M

Target Key

2388

Comments