The application server must alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-263550	SRG-APP-000795-AS-000130	SV-263550r981702_rule		Medium

Description

Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.

STIG	Date
Application Server Security Requirements Guide	2025-02-11

Details

Check Text (C-67450r981700_chk)

Verify the application server alerts organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.

If the application server does not alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information, this is a finding.

Fix Text (F-67358r981701_fix)

Configure the application server to alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.