Skip to content
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000097
The application must produce audit records containing enough information to establish which component, feature or function of the application triggered the audit event.
The application must produce audit records containing enough information to establish which component, feature or function of the application triggered the audit event. An XCCDF Rule
The application must produce audit records containing enough information to establish which component, feature or function of the application triggered the audit event.
Medium Severity
<VulnDiscussion>It is impossible to establish, correlate, and investigate the events relating to an incident if the details regarding the source of the event it not available.
In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know where within the application the events occurred, such as which application component, application modules, filenames, and functionality.
Associating information about where the event occurred within the application provides a means of quickly investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured application.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>