Check: SRG-APP-000091-API-001730
Application Programming Interface (API) SRG:
SRG-APP-000091-API-001730
(in version v1 r1)
Title
The API must generate audit records when successful/unsuccessful attempts to access privileges occur. (Cat II impact)
Discussion
The API must generate audit records when successful or unsuccessful attempts to access privileges occur to ensure security, traceability, and accountability. By logging both successful and failed access attempts, the API creates a record that helps track who is attempting to access sensitive resources and whether those attempts are authorized. This is critical for identifying potential security threats, such as unauthorized access, brute-force attacks, or credential stuffing, that could compromise the system. Unsuccessful attempts provide valuable insight into potential vulnerabilities or areas where attackers are trying to bypass security measures. Successful access logs, on the other hand, confirm that the correct users or services are accessing resources within their intended permissions, showing that access controls are working as expected.
Check Content
Verify that both successful and unsuccessful attempts to access privileges are configured to be logged. Logged fields may include user identity, timestamps, the access attempted, and the outcome (success or failure). Perform various test cases to simulate both successful and unsuccessful access. After performing the test scenarios, access the logs generated by the API (or the centralized logging system) and check for entries related to authentication and authorization. Cross-check the actual logging behavior with the organization's auditing and security policies to verify the API meets the required standards for logging successful and unsuccessful access attempts. If the API does not generate audit records when successful/unsuccessful attempts to access privileges occur, this is a finding.
Fix Text
Build or configure the API to enable logging successful/unsuccessful attempts to access privileges.
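As an added illustration of the Check Content and Fix Text above (example code, not part of the SRG), the following authorization routine writes a structured audit record on every decision path, success and both failure modes alike, and exposes a read-back helper that mirrors the check step of inspecting the log for both outcomes. The privilege table, user names and field names are constructed for the example.

```python
import json
import logging
from datetime import datetime, timezone
from io import StringIO

# Constructed privilege table (hypothetical users and privileges, not from the SRG).
PRIVILEGES = {
    "alice": {"orders:read", "orders:write"},
    "bob": {"orders:read"},
}

# Audit sink: an in-memory stream standing in for the API's centralized log collector.
AUDIT_STREAM = StringIO()
audit_log = logging.getLogger("api.audit")
audit_log.setLevel(logging.INFO)
audit_log.propagate = False
audit_log.addHandler(logging.StreamHandler(AUDIT_STREAM))


def audit(user, privilege, resource, outcome, reason=""):
    """Emit one structured record: identity, timestamp, privilege, resource, outcome."""
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": "privilege_access",
        "user": user,
        "privilege": privilege,
        "resource": resource,
        "outcome": outcome,
        "reason": reason,
    }
    audit_log.info(json.dumps(record))


def access_privileged(user, privilege, resource):
    """Authorize a privileged operation and log the decision on every path."""
    if user not in PRIVILEGES:
        audit(user, privilege, resource, "failure", "unknown principal")
        return False
    if privilege not in PRIVILEGES[user]:
        audit(user, privilege, resource, "failure", "privilege not held")
        return False
    audit(user, privilege, resource, "success")
    return True


def audit_records(outcome=None):
    """Read back emitted records, optionally filtered by outcome (the Check Content step)."""
    recs = [json.loads(line) for line in AUDIT_STREAM.getvalue().splitlines()]
    return [r for r in recs if outcome is None or r["outcome"] == outcome]
```

A finding under this check would show up here as an authorization path that returns without calling `audit`, so a review should confirm every early return is preceded by a record.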
Additional Identifiers
Rule ID: SV-274520r1143514_rule
Vulnerability ID: V-274520
Group Title: SRG-APP-000091
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000172 | Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3. |
Controls
| Number | Title |
|---|---|
| AU-12 | Audit Record Generation |