STIGQter STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.

DISA Rule

SV-70213r2_rule

Vulnerability Number

V-55959

Group Title

SRG-APP-000357-WSR-000150

Rule Version

SRG-APP-000357-WSR-000150

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the web server to use a logging mechanism that is configured to allocate log record storage capacity in accordance with NIST SP 800-92 log record storage requirements.

Check Contents

Review the web server documentation and deployment configuration to determine if the web server is using a logging mechanism to store log records. If a logging mechanism is in use, validate that the mechanism is configured to use record storage capacity in accordance with specifications within NIST SP 800-92 for log record storage requirements.

If the web server is not using a logging mechanism, or if the mechanism has not been configured to allocate log record storage capacity in accordance with NIST SP 800-92, this is a finding.

Vulnerability Number

V-55959

Documentable

False

Rule Version

SRG-APP-000357-WSR-000150

Severity Override Guidance

Review the web server documentation and deployment configuration to determine if the web server is using a logging mechanism to store log records. If a logging mechanism is in use, validate that the mechanism is configured to use record storage capacity in accordance with specifications within NIST SP 800-92 for log record storage requirements.

If the web server is not using a logging mechanism, or if the mechanism has not been configured to allocate log record storage capacity in accordance with NIST SP 800-92, this is a finding.

Check Content Reference

M

Target Key

2557

Comments