The application must generate audit records showing starting and ending time for user access to the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-222464 | APSC-DV-000850 | SV-222464r961830_rule | CCI-000172 | medium |
| Description | ||||
| Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis. | ||||
| STIG | Date | |||
| Application Security and Development Security Technical Implementation Guide | 2025-02-12 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AU-12
1.00
- DISA · 6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.3.1
1.00
- DISA · 6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.3.2
1.00
- DISA · 6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000172
1.00
- DISA · 6 · disa_xccdf · related
Details
Check Text (C-222464r961830_chk)
Review and monitor the application logs.
Initiate a user session and observe if the log includes a time stamp showing the start of the session.
Terminate the user session and observe if the log includes a time stamp showing the end of the session.
If the start and the end time of the session are not recorded in the logs, this is a finding.
Fix Text (F-24123r493301_fix)
Configure the application or application server to record the start and end time of user session activity.