The application must log user actions involving access to data.

From Application Security and Development Security Technical Implementation Guide

Part of SRG-APP-000095

Associated with: CCI-000130

SV-84047r1_rule The application must log user actions involving access to data.

Vulnerability discussion

When users access application data, there is risk of data compromise or seepage if the account used to access is compromised or access is granted improperly. To be able to investigate which account accessed data, the account access must be logged. Without establishing when the access event occurred, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.Associating event types with detected events in the application and audit logs provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured application.

Check content

Review and monitor the application logs. When accessing data, the logs are most likely database logs. If the application design documents include specific data elements that require protection, ensure user access to those data elements are logged. Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists. Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded. If successful access to application data elements is not recorded in the logs, this is a finding.

Fix text

Identify the specific data elements requiring protection and audit access to the data.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer