Title

The application server must record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). (Cat II impact)

Discussion

If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.

Check Content

Review the application server documentation and configuration files to determine if time stamps for log records can be mapped to UTC or GMT. If the time stamp cannot be mapped to UTC or GMT, this is a finding.

Fix Text

Configure the application server to use time stamps for log records that can easily be mapped to UTC or GMT.

Additional Identifiers

Rule ID: SV-204794r879747_rule

Vulnerability ID: V-204794

Group Title: SRG-APP-000374

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.