STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 4 Release: 9 Benchmark Date: 25 Jan 2019: The application must log user actions involving access to data.

DISA Rule

SV-84047r1_rule

Vulnerability Number

V-69425

Group Title

SRG-APP-000095

Rule Version

APSC-DV-000960

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Identify the specific data elements requiring protection and audit access to the data.

Check Contents

Review and monitor the application logs. When accessing data, the logs are most likely database logs.

If the application design documents include specific data elements that require protection, ensure user access to those data elements are logged.

Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists.

Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.

If successful access to application data elements is not recorded in the logs, this is a finding.

Vulnerability Number

V-69425

Documentable

False

Rule Version

APSC-DV-000960

Severity Override Guidance

Review and monitor the application logs. When accessing data, the logs are most likely database logs.

If the application design documents include specific data elements that require protection, ensure user access to those data elements are logged.

Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists.

Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.

If successful access to application data elements is not recorded in the logs, this is a finding.

Check Content Reference

M

Target Key

3009

Comments