From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000509
Associated with: CCI-000172
When application user accounts are created, modified, disabled, or terminated, the event must be logged.
Log on to the application as an administrative user. Navigate to the user account management functionality. If no user management capability exists within the application, refer to the Enterprise Active Directory or LDAP user management interfaces. Monitor and review the log where the application's user activity is recorded.

Create an application test account and then review the log to ensure a log record that documents the event is created.

Modify the test account and then review the log to ensure a log record that documents the event is created.

Disable the test account and then review the log to ensure a log record that documents the event is created.

Terminate/Remove the test account and then review the log to ensure a log record that documents the event is created.

If log events are not created that document all of these events, this is a finding. If some, but not all, of the aforementioned events are documented in the logs, this is a finding. Findings should document which of the events was not logged.
Configure the application to log user account creation, modification, disabling, and termination events.