The application must use cryptographic mechanisms to protect the integrity of audit information.

From Application Security and Development Security Technical Implementation Guide

Part of SRG-APP-000126

Associated with: CCI-001350

SV-84119r1_rule The application must use cryptographic mechanisms to protect the integrity of audit information.

Vulnerability discussion

Audit records may be tampered with; if the integrity of audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data. An example of a cryptographic mechanism is the computation and application of a cryptographic-signed hash using asymmetric cryptography.This requirement applies to applications that generate, process or manage audit records and is applied once audit processing has completed and the audit record is being stored.

Check content

Review the system documentation and interview the application administrator for details regarding application architecture, audit methods, and provided audit tools. Identify the location of the application audit information. If the application is configured to utilize a centralized audit log solution that uses cryptographic methods that meet this requirement such as creating cryptographic hash values or message digests that can be used to validate integrity of audit files, the requirement is not applicable. Ask application administrator to demonstrate the cryptographic mechanisms used to protect the integrity of audit data. Verify when application logs are stored on the file system, a process that includes the creation of an integrity check of the audit file being stored is utilized. This integrity check can be the creation of a checksum, message digest or other one-way cryptographic hash of the audit file that is created. If an integrity check is not created to protect the integrity of the audit information, this is a finding.

Fix text

Configure the application to create an integrity check consisting of a cryptographic hash or one-way digest that can be used to establish the integrity when storing log files.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer