From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000366
Associated with: CCI-001878
The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
Review the application documentation and interview the application administrator for details regarding audit reduction (log record event filtering). Access the application with user rights sufficient to read and filter audit records. Navigate the application user interface and select the application functionality that provides access and interface to audit records and audit reporting. If the application uses a centralized logging solution that provides immediate, customizable audit review and analysis functions, the requirement is not applicable. Create an event report. Report data can be based on date ranges, times or events, or other criteria that could be used in an investigation. Use of data from previous checks for audit reduction is encouraged. Review the report and ensure the data in the report coincides with event filters used to create the report. If the application does not provide an immediate, ad-hoc audit review and analysis capability, this is a finding.
Design or configure the application to provide an immediate audit review capability or utilize a centralized utility designed for the purpose of on-demand log management and reporting.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer