The application must produce audit records containing information to establish when (date and time) the events occurred.

An XCCDF Rule

Details
Profiles

Description

Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events relating to an incident. In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know when events occurred (date and time).

ID: SV-222473r960894_rule
Version: APSC-DV-000980
Severity: Medium
References: CCI-000131
Updated: about 2 months ago

Remediation Templates

Configure the application or application server to include the date and the time of the event in the audit logs.

The application must produce audit records containing information to establish when (date and time) the events occurred.

Description

Remediation Templates

A Manual Procedure