Skip to content
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000498
The application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
The application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur. An XCCDF Rule
The application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
Medium Severity
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>