Application Server SRG Version Comparison
Application Server Security Requirements Guide
Comparison
There are 1 differences between versions v2 r8 (April 24, 2020) (the "left" version) and v3 r2 (Jan. 27, 2022) (the "right" version).
Check SRG-APP-000353-AS-000235 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
The application server must provide the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.
Check Content
Review the application server configuration to determine if the application server provides the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. If the application server cannot meet this requirement, this is a finding.
Discussion
Log records can be generated from various components within the application server. The list of logged events is the set of events for which logs are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating log records (i.e., logable events). Application server log events may include, but are not limited to, HTTP, Database, and XML parsing activity. The application server must be capable of allowing defined individuals or roles to change the logging to be performed on all application server components, based on all selectable event criteria during a defined time threshold. The time threshold can be defined by such events as a change in the threat environment. The ability to change logging parameters during the threat would allow important forensic information to be gathered during the time duration of the threat.
Fix
Configure the application server to provide the capability for organization-identified individuals or roles to change the logging to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.