Navigate

Check: SRG-APP-000374-AS-000210

Application Server SRG: SRG-APP-000374-AS-000210 (in versions v4 r2 through v2 r2)

Title

The application server must record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). (Cat II impact)

Discussion

If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC.

Check Content

Review the application server documentation and configuration files to determine if time stamps for log records can be mapped to UTC or GMT. If the time stamp cannot be mapped to UTC or GMT, this is a finding.

Fix Text

Configure the application server to use time stamps for log records that can easily be mapped to UTC or GMT.

Additional Identifiers

Rule ID: SV-204794r961443_rule

Vulnerability ID: V-204794

Group Title: SRG-APP-000374

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001890	Record time stamps for audit records that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-8	Time Stamps