CUI

Documentation - V-204719

V-204719

Application Server Security Requirements Guide

CAT II

Title

The application server must generate log records when successful/unsuccessful attempts to access subject privileges occur.

Description

Accessing a subject's privileges can be used to elevate a lower-privileged subject's privileges temporarily in order to cause harm to the application server or to gain privileges to operate temporarily for a designed purpose. When these actions take place, the event needs to be logged. Application servers either provide a local user store, or they integrate with enterprise user stores like LDAP. When the application server provides the user store and enforces authentication, t...

Fix Text (Documentation Requirement)

Configure the application server to generate log records when privileges are successfully/unsuccessfully accessed.
