From Application Server Security Requirements Guide
Part of SRG-APP-000503-AS-000228
Associated with: CCI-000172
Logging the access to the application server allows the system administrators to monitor user accounts. By logging successful/unsuccessful logons, the system administrator can determine if an account is compromised (e.g., frequent logons) or is in the process of being compromised (e.g., frequent failed logons) and can take actions to thwart the attack.
Review product documentation and the system configuration to determine if the application server generates log records on successful and unsuccessful logon attempts by users. If logon attempts do not generate log records, this is a finding.
Configure the application server to generate log records when successful/unsuccessful logon attempts are made by users.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer