From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000116
Associated with: CCI-000159
Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.
Review the system documentation and interview the application administrator for details regarding application architecture and logging configuration. Identify the application components and the logs associated with the components. Ensure the time written into the logs coincides with the OS timeclock. Access random audit records and review the most recent logs. Access the system OS hosting the application and use the related OS commands to determine the time of the system. Perform an action in the application that causes a log event to be written and review the log to ensure the system times and the application log times correlate; compensating for any time delays that may have occurred between running the OS time command and running the application action. If the application doesn't use the internal system clocks to generate time stamps for the audit event logs, this is a finding.
Configure the application to use the hosting systems internal clock for audit record generation.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer