Title

Log file data must contain required data elements. (Cat II impact)

Discussion

The use of log files is a critical component of the operation of the Information Systems (IS) used within the DoD, and they can provide invaluable assistance with regard to damage assessment, causation, and the recovery of both affected components and data. They may be used to monitor accidental or intentional misuse of the (IS) and may be used by law enforcement for criminal prosecutions. The use of log files is a requirement within the DoD.

Check Content

1. Open the IIS Manager > Right click on the website being reviewed > Select Properties > Select the Web Site tab. 2. Ensure Enable logging is selected. 3. Select the Properties button > Select the Advance tab. 4. Under the Extended logging options ensure the following items are checked: Date, Time, Client IP Address, User Name, Method, URI Query, Http Protocol Status and Referrer If the Enable logging checkbox is not selected, this is a finding. If any of the items listed in step 4 are not selected, this is a finding. NOTE: The collection of additional logging information is acceptable.

Fix Text

1. Open the IIS Manager > Right click on the website being reviewed > Select Properties > Select the Web Site tab. 2. Ensure Enable logging is selected. 3. Select the Properties button > Select the Advance tab. 4. Under the Extended logging options check the following: Date, Time, Client IP Address, User Name, Method, URI Query, Http Protocol Status and Referrer 5. Select OK.

Additional Identifiers

Rule ID: SV-28653r1_rule

Vulnerability ID: V-13688

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.