The Automation Controller must generate the appropriate log records.

STIG ID: APWS-AT-000090 | SRG: SRG-APP-000016-WSR-000005 | Severity: medium | CCI: CCI-000067, CCI-000130, CCI-000131, CCI-000132, CCI-000133, CCI-000134, CCI-001487 | Vulnerability Id: V-256943

Vulnerability Discussion

Automation Controller's web server must log all details related to user sessions in support of troubleshooting, debugging, and forensic analysis.

Without a data logging feature, the organization loses an important auditing and analysis tool for event investigations.

Satisfies: SRG-APP-000016-WSR-000005, SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000098-WSR-000060, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064

Check

For each Automation Controller host, determine whether the web server is logging all content related to user sessions.

Log in to Automation Controller as an administrator and navigate to console Settings >> System >> Miscellaneous System.

Verify the following settings:

Enable Activity Stream = On

Enable Activity Stream for Inventory Sync = On

Organization Admins Can Manage Users and Teams = On

All Users Visible to Organization Admins = On

If the configuration settings are not as above, this is a finding.
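
The check above can be run across several hosts from saved settings exports. The script below is an added example and not part of the STIG. It assumes each export is the JSON returned by the controller's system settings API, and the key names mapped to the four console labels, the host names and the sample data are assumptions or constructed values.

```python
import json

# Assumed mapping from the setting keys in the controller's settings API
# to the console labels used in this check (key names are not on the page).
REQUIRED = {
    "ACTIVITY_STREAM_ENABLED": "Enable Activity Stream",
    "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": "Enable Activity Stream for Inventory Sync",
    "MANAGE_ORGANIZATION_AUTH": "Organization Admins Can Manage Users and Teams",
    "ORG_ADMINS_CAN_SEE_ALL_USERS": "All Users Visible to Organization Admins",
}

def audit_host(settings):
    """Return a list of finding strings for one host's settings dict."""
    findings = []
    for key, label in REQUIRED.items():
        if key not in settings:
            findings.append(f"{label}: not present in export (cannot verify)")
        elif settings[key] is not True:
            # Only a JSON boolean true counts as On; "true", 1 or null do not.
            findings.append(f"{label}: expected On, got {settings[key]!r}")
    return findings

def audit_fleet(exports):
    """Map each host name to its findings; an unparsable export is a finding."""
    report = {}
    for host, raw in exports.items():
        try:
            settings = json.loads(raw)
            if not isinstance(settings, dict):
                raise ValueError("not a JSON object")
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            report[host] = ["settings export is not a valid JSON object"]
            continue
        report[host] = audit_host(settings)
    return report

# Constructed sample exports (hypothetical hosts), embedded so this runs offline.
SAMPLE_EXPORTS = {
    "controller1.example.test": json.dumps({key: True for key in REQUIRED}),
    "controller2.example.test": json.dumps({
        "ACTIVITY_STREAM_ENABLED": True,
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": False,
        "MANAGE_ORGANIZATION_AUTH": "true",
    }),
    "controller3.example.test": "<html>Login required</html>",
}

if __name__ == "__main__":
    for host, findings in audit_fleet(SAMPLE_EXPORTS).items():
        print(host, "FINDING" if findings else "not a finding", findings)
```

A missing key or an unreadable export is reported as a finding rather than skipped, so a host whose settings could not be retrieved never passes silently.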

Fix

As a System Administrator, for each Automation Controller host, navigate to console Settings >> System >> Miscellaneous System.

Click "Edit".

Set the following:

Enable Activity Stream = On

Enable Activity Stream for Inventory Sync = On

Organization Admins Can Manage Users and Teams = On

All Users Visible to Organization Admins = On

Click "Save".