Documentation - V-206366

V-206366

Web Server Security Requirements Guide

CAT II

Title

The web server must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.

Description

<VulnDiscussion>Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations shall define logging failure events, at which time the application or the logging mechanism the application utilizes will provide a wa...

Fix Text (Documentation Requirement)

Configure the web server to provide an alert to the ISSO and SA when log processing failures occur. If the web server cannot generate alerts, utilize an external logging system that meets this criterion.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel