Check: SRG-APP-000795-WSR-000130
Web Server SRG:
SRG-APP-000795-WSR-000130
(in versions v4 r2 through v4 r1)
Title
The web server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. (Cat II impact)
Discussion
Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.
Check Content
Verify the web server is configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. If the web server is not configured to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information, this is a finding.
Fix Text
Configure the web server to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.
Additional Identifiers
Rule ID: SV-264340r984365_rule
Vulnerability ID: V-264340
Group Title: SRG-APP-000795
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-003831 |
Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |