Free DISA STIG and SRG Library | Vaulted

V-35142

The application server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which logable events are to be logged.

Finding ID
SRG-APP-000090-AS-000051
Rule ID
SV-46429r3_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000090-AS-000051
CCI
CCI-000171
Target Key
(None)
Documentable
No
Discussion

Log records can be generated from various components within the application server, (e.g., httpd, beans, etc.) From an application perspective, certain specific application functionalities may be logged, as well. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (e.g., logable events, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked). Application servers utilize role-based access controls in order to specify the individuals who are allowed to configure application component logable events. The application server must be configured to select which personnel are assigned the role of selecting which logable events are to be logged. The personnel or roles that can select logable events are only the ISSM (or individuals or roles appointed by the ISSM).

Fix Text

Configure the application server to only allow the ISSM (or individuals or roles appointed by the ISSM) to change logable events.

Check Content

Review application server product documentation and configuration to determine if the system only allows the ISSM (or individuals or roles appointed by the ISSM) to change logable events. If the system is not configured to perform this function, this is a finding.