Skip to content

The application must generate audit records showing starting and ending time for user access to the system.

An XCCDF Rule

Description

<VulnDiscussion>Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-222464r879876_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure the application or application server to record the start and end time of user session activity.