The Automation Controller must generate the appropriate log records.

Overview

Finding ID: V-256943
Version: APWS-AT-000090
Rule ID: SV-256943r960765_rule
IA Controls: CCI-000067
Severity: medium
Description
Automation Controller's web server must log all details related to user sessions in support of troubleshooting, debugging, and forensic analysis. Without a data logging feature, the organization loses an important auditing and analysis tool for event investigations.

Satisfies: SRG-APP-000016-WSR-000005, SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000098-WSR-000060, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064

STIG: Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide
Date: 2024-08-27

Related Frameworks

3 paths across 3 frameworks
NIST 800-53 (1 mapping)
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (1 mapping)
3.1.12
1.00
  • DISA · 2 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000067
1.00
  • DISA · 2 · disa_xccdf · related

Details

Check Text (C-256943r960765_chk)

For each Automation Controller host, determine whether the web server is logging all content related to user sessions.

Log in to Automation Controller as an administrator and navigate to console Settings >> System >> Miscellaneous System.

Verify the following settings:
  • Enable Activity Stream = On
  • Enable Activity Stream for Inventory Sync = On
  • Organization Admins Can Manage Users and Teams = On
  • All Users Visible to Organization Admins = On

If the configuration settings are not as above, this is a finding.
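The same check can be run across many hosts from saved settings exports instead of the console. The script below is an added example, not part of the STIG or of Red Hat's tooling. It assumes each export is the JSON returned by GET /api/v2/settings/system/ and that the four console labels map to the setting keys shown (verify both against your release); the host names and JSON are constructed sample data.

```python
import json

# Assumed mapping: console label in the check text -> key in the settings export.
REQUIRED = {
    "Enable Activity Stream": "ACTIVITY_STREAM_ENABLED",
    "Enable Activity Stream for Inventory Sync":
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC",
    "Organization Admins Can Manage Users and Teams": "MANAGE_ORGANIZATION_AUTH",
    "All Users Visible to Organization Admins": "ORG_ADMINS_CAN_SEE_ALL_USERS",
}

def evaluate_host(settings):
    """Return (label, key, reason) for every required setting that is not On."""
    findings = []
    for label, key in REQUIRED.items():
        if key not in settings:
            # A key absent from the export cannot be verified, so report it.
            findings.append((label, key, "missing from export"))
        elif settings[key] is not True:
            # Only a JSON boolean true counts as On; "true" or 1 does not.
            findings.append((label, key, f"value is {settings[key]!r}"))
    return findings

def evaluate_fleet(exports):
    """exports maps host -> JSON text. Returns findings for failing hosts only."""
    report = {}
    for host, raw in exports.items():
        try:
            settings = json.loads(raw)
        except json.JSONDecodeError as exc:
            report[host] = [("(all)", "(all)", f"unparseable export: {exc.msg}")]
            continue
        findings = evaluate_host(settings) if isinstance(settings, dict) else [
            ("(all)", "(all)", "export is not a JSON object")]
        if findings:
            report[host] = findings
    return report

# Constructed sample exports: one compliant, one with gaps, one truncated.
ALL_ON = {key: True for key in REQUIRED.values()}
GAPS = dict(ALL_ON, ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC=False)
del GAPS["ORG_ADMINS_CAN_SEE_ALL_USERS"]
SAMPLE_EXPORTS = {
    "controller-a.example.test": json.dumps(ALL_ON),
    "controller-b.example.test": json.dumps(GAPS),
    "controller-c.example.test": '{"ACTIVITY_STREAM_ENABLED": tr',
}

if __name__ == "__main__":
    for host, findings in evaluate_fleet(SAMPLE_EXPORTS).items():
        for label, key, reason in findings:
            print(f"FINDING {host}: {label} ({key}): {reason}")
```

A host that appears in the report is a finding under this check; a host with an unparseable export is reported rather than silently passed.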

Fix Text (F-60560r903520_fix)

As a System Administrator, for each Automation Controller host, navigate to console Settings >> System >> Miscellaneous System.

Click "Edit".

Set the following:
  • Enable Activity Stream = On
  • Enable Activity Stream for Inventory Sync = On
  • Organization Admins Can Manage Users and Teams = On
  • All Users Visible to Organization Admins = On

Click "Save".