CUI

Documentation - V-206359

V-206359

Web Server Security Requirements Guide

CAT II

Title

The web server must produce log records containing sufficient information to establish what type of events occurred.

Description

Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. For web servers, event logging includes, but is not limited to, the detection of the following:

• XSS attacks (detect in server, mproxy, and WAF types logs).
• Cross Site Request Forgery attacks.
• Web Cache Poisoning.
• Instances of Session Hijacking.
• Instances of Server Side Request Forgery.

Ascertainin...

Fix Text (Documentation Requirement)

Configure the web server to record sufficient information to establish what type of events occurred.
