Documentation - V-204739

V-204739

Application Server Security Requirements Guide

CAT II

Title

The application server must use cryptographic mechanisms to protect the integrity of log information.

Description

<VulnDiscussion>Protecting the integrity of log records helps to ensure log files are not tampered with. Cryptographic mechanisms are the industry-established standard used to protect the integrity of log data. An example of cryptographic mechanisms is the computation and application of a cryptographic hash and using asymmetric cryptography with digital signatures. Application Servers often write log data to files on the file system. These files typically roll over on a periodic basis. Once th...

Fix Text (Documentation Requirement)

Configure the application server to hash and sign logs using cryptographic means. Alternatively, configure the application server or OS to send logs to a centralized log server that meets the hashing and signing requirement.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel