From Central Log Server Security Requirements Guide
Part of SRG-APP-000148-AU-002270
Associated with: CCI-000764
To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
Examine the configuration. Verify that individual user accounts are defined within the application. Each account must have a separate identifier. If an authentication server may be used for login, ensure the application audit logs containing management and configuration actions, identify the individual performing each action. If the Central Log Server is not configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users), this is a finding.
For systems where individual users access, configure and/or manage the system, configure the Central Log Server application so each user is explicitly identified and authenticated. While an authentication server, is often used for logon, this requirement must include instructions for integrating the authentication server so that they system requires unique identification and authentication. Note: Group accounts are not permitted for logon to the Central Log Server.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer