Check: APSC-DV-000940
Application Security and Development STIG:
APSC-DV-000940
(in versions v5 r3 through v5 r1)
Title
The application must log application shutdown events. (Cat II impact)
Discussion
Forensics is a large part of security incident response. Applications must provide a record of their actions so application events can be investigated post-event. Attackers may attempt to shut off the application logging capability to cover their activity while on the system. Recording the shutdown event and the time it occurred in the application or system logs helps to provide forensic evidence that aids in investigating the events.
Check Content
Review and monitor the application and system logs. If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablishing access or request backup copies of the application or system logs that indicate shutdown events are being recorded. Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured. If the application is not recording application shutdown events in either the application or system log, or if the application is not configured to record shutdown events, this is a finding.
Fix Text
Configure the application or application server to record application shutdown events in the event logs.
Additional Identifiers
Rule ID: SV-222469r879563_rule
Vulnerability ID: V-222469
Group Title: SRG-APP-000095
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000130 |
The information system generates audit records containing information that establishes what type of event occurred. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |