STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must use the internal system clock to generate time stamps for log records.

DISA Rule

SV-54245r3_rule

Vulnerability Number

V-41668

Group Title

SRG-APP-000116-WSR-000066

Rule Version

SRG-APP-000116-WSR-000066

Severity

CAT II

CCI(s)

• CCI-000159 - The information system uses internal system clocks to generate time stamps for audit records.

Weight

10

Fix Recommendation

Configure the web server to use internal system clocks to generate date and time stamps for log records.

Check Contents

Review the web server documentation and deployment configuration to determine if the internal system clock is used for date and time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for date and time stamps.

If the web server does not use the internal system clock to generate time stamps, this is a finding.

Vulnerability Number

V-41668

Documentable

False

Rule Version

SRG-APP-000116-WSR-000066

Severity Override Guidance

Review the web server documentation and deployment configuration to determine if the internal system clock is used for date and time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for date and time stamps.

If the web server does not use the internal system clock to generate time stamps, this is a finding.

Check Content Reference

M

Target Key

2557

Comments