The application must generate audit records showing starting and ending time for user access to the system.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-222464 | SRG-APP-000505 | APSC-DV-000850 | SV-222464r961830_rule | 2025-02-12 | 6 |
| Description |
|---|
| Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis. |
| ℹ️ Check |
|---|
| Review and monitor the application logs. Initiate a user session and observe if the log includes a time stamp showing the start of the session. Terminate the user session and observe if the log includes a time stamp showing the end of the session. If the start and the end time of the session are not recorded in the logs, this is a finding. |
| ✔️ Fix |
|---|
| Configure the application or application server to record the start and end time of user session activity. |