Documentation - V-222512

V-222512

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must audit who makes configuration changes to the application.

Description

<VulnDiscussion>Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions. Enforcement actions are the methods or mechanisms used to prevent unauthorized changes to configuration settings. Enforcement action methods may be as simple as denying access to a file based on the application of file permissions...

Fix Text (Documentation Requirement)

Configure the application to create log entries that can be used to identify the user accounts that make application configuration changes.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel