From Application Security and Development Security Technical Implementation Guide
Part of ASDV-PL-002910
Associated with: CCI-001872
Without access control the data is not secure. It can be compromised, misused, or changed by unauthorized access at any time.
Interview the application representative and ask for the system documentation that states how often audit logs are reviewed. Also, determine when the audit logs were last reviewed. If the application representative cannot provide system documentation identifying how often the auditing logs are reviewed, or has not audited within the last time period stated in the system documentation, this is a finding.
Establish a scheduled process for reviewing logs. Maintain a log or records of dates and times audit logs are reviewed.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer