The application server must initiate session logging upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-204720 | SRG-APP-000092-AS-000053 | SV-204720r960888_rule | CCI-001464 | medium |
| Description | ||||
| Session logging activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations. | ||||
| STIG | Date | |||
| Application Server Security Requirements Guide | 2025-02-11 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
AU-14(1)
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001464
1.00
- DISA · 4 · disa_xccdf · related
Details
Check Text (C-204720r960888_chk)
Review the application server product documentation and server configuration to determine if the application server initiates session logging on application server startup.
If the application server is not configured to meet this requirement, this is a finding.
Fix Text (F-4840r282808_fix)
Configure the application server to initiate session logging on application server startup.