Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000493
Group -
The application must generate audit records when successful/unsuccessful attempts to access security levels occur.
A security level denotes a permissions or authorization capability within the application. This is most often associated with a user role. Attempts to access a security level can occur when a user ...
Rule Medium Severity
SRG-APP-000494
Group -
The application must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000495
Group -
The application must generate audit records when successful/unsuccessful attempts to modify privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000496
Group -
SRG-APP-000497
Group -
The application must generate audit records when successful/unsuccessful attempts to modify security levels occur.
A security level denotes a permissions or authorization capability within the application. This is most often associated with a user role. Attempts to modify a security level can be construed as an...
Rule Medium Severity
SRG-APP-000498
Group -
The application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000499
Group -
The application must generate audit records when successful/unsuccessful attempts to delete privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000500
Group -
SRG-APP-000501
Group -
SRG-APP-000502
Group -
The application must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000503
Group -
SRG-APP-000504
Group -
The application must generate audit records for privileged activities or other system-level access.
Privileged activities include the tasks or actions taken by users in an administrative role (admin, backup operator, manager, etc.) which are used to manage or reconfigure application function. Exa...
Rule Medium Severity
SRG-APP-000505
Group -
SRG-APP-000507
Group -
SRG-APP-000508
Group -
The application must generate audit records for all direct access to the information system.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
Rule Medium Severity
SRG-APP-000509
Group -
The application must generate audit records for all account creations, modifications, disabling, and termination events.
When application user accounts are created, modified, disabled, or terminated, the event must be logged. Centralized management of user accounts allows for rapid response to user-related security ev...
Rule Medium Severity
SRG-APP-000092
Group -
The application must initiate session auditing upon startup.
If the application does not begin logging upon startup, important log events could be missed.
Rule Medium Severity
SRG-APP-000095
Group -
The application must log application shutdown events.
Forensics is a large part of security incident response. Applications must provide a record of their actions so application events can be investigated post-event. Attackers may attempt to shut ...
Rule Medium Severity
SRG-APP-000095
Group -
SRG-APP-000095
Group -
SRG-APP-000095
Group -
The application must log user actions involving changes to data.
When users change/modify application data, there is risk of data compromise if the account used to access is compromised or access is granted improperly. To be able to investigate which account acc...
Rule Medium Severity
SRG-APP-000096
Group -
The application must produce audit records containing information to establish when (date and time) the events occurred.
Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate risk assessment, and provid...
Rule Medium Severity
SRG-APP-000097
Group -
The application must produce audit records containing enough information to establish which component, feature or function of the application triggered the audit event.
It is impossible to establish, correlate, and investigate the events relating to an incident if the details regarding the source of the event are not available. In order to compile an accurate risk...
Rule Medium Severity
SRG-APP-000098
Group -
SRG-APP-000099
Group -
The application must produce audit records that contain information to establish the outcome of the events.
Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the sy...
Rule Medium Severity
SRG-APP-000100
Group -
SRG-APP-000101
Group -
The application must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.
Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Organizations consider limiting the additional audit information to only t...
Rule Medium Severity
SRG-APP-000101
Group -
The application must implement transaction recovery logs when transaction based.
Without required logging and access control, security issues related to data changes will not be identified. This could lead to security compromises such as data misuse, unauthorized changes, or un...
Rule Medium Severity
SRG-APP-000356
Group -
SRG-APP-000358
Group -
SRG-APP-000515
Group -
The application must be configured to write application logs to a centralized log repository.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. In addition, attackers often manipulate logs to hide or obfuscate their activity. Off-loading ...
Rule Medium Severity