The API must audit authentication and authorization information.

STIG ID: SRG-APP-000095-API-001765 | SRG: SRG-APP-000095 | Severity: medium | CCI: CCI-000130 | Vulnerability Id: V-274528

Vulnerability Discussion

The API must audit authentication and authorization information to ensure proper security, accountability, and compliance. Auditing authentication and authorization events allows the API to track and log who accessed the system, what resources were accessed, and whether the user had the appropriate permissions. This is crucial for detecting unauthorized access, preventing privilege escalation, and identifying potential security threats, such as brute force attacks or credential theft. Auditing also provides a record of actions for accountability, helping to monitor user activity and ensuring that sensitive data or actions are only accessible to authorized individuals.

Check

Verify the API generates audit records that identify the type of event that occurred.

1. Confirm audit logging is enabled for authentication and authorization events. This includes both successful and failed authentication attempts, as well as the authorization decisions (e.g., whether a user is granted or denied access).

2. Verify the logs capture relevant authentication and authorization details.

3. After performing tests, review the logs for entries related to authentication and authorization. Ensure that logs contain the appropriate level of detail (e.g., timestamps, user IDs, status codes).

If the API does not audit authentication and authorization information, this is a finding.

Fix

Build or configure the API to log authentication and authorization events, including the appropriate level of detail (e.g., timestamps, user IDs, status codes).
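As an added illustration (not part of the STIG text or any vendor's implementation), the following Python shows an API audit layer that records every authentication and authorization decision, success and failure alike, with the fields the Check calls for (timestamp, user ID, status code), plus a helper that flags records missing those fields, as in Check step 3. The token store and the required field set are constructed assumptions.

```python
from datetime import datetime, timezone

# Fields the Check step expects in every authn/authz audit record (assumed set).
REQUIRED_FIELDS = ("timestamp", "event", "outcome", "user_id", "resource", "status_code")

TOKENS = {"tok-alice": ("alice", "admin"), "tok-bob": ("bob", "reader")}  # constructed sample store

class AuditLog:
    """Collects structured audit records; in production these go to a protected log sink."""
    def __init__(self):
        self.records = []
    def emit(self, event, outcome, user_id, resource, status_code, **extra):
        record = {
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "event": event,        # "authn" or "authz"
            "outcome": outcome,    # "success" or "failure"
            "user_id": user_id,    # "unknown" when the credential maps to no user
            "resource": resource,
            "status_code": status_code,
            **extra,
        }
        self.records.append(record)
        return record

def authenticate(audit, token, resource):
    """Map a bearer token to (user_id, role); audit success and failure alike."""
    user = TOKENS.get(token)
    if user is None:
        audit.emit("authn", "failure", "unknown", resource, 401, reason="invalid token")
        return None
    audit.emit("authn", "success", user[0], resource, 200)
    return user

def authorize(audit, user, resource, required_role):
    """Record every authorization decision, granted or denied."""
    user_id, role = user
    outcome, status = ("success", 200) if role == required_role else ("failure", 403)
    audit.emit("authz", outcome, user_id, resource, status, required_role=required_role)
    return status == 200

def handle_request(audit, token, resource, required_role):
    """Authenticate, then authorize; returns the HTTP status the API would send."""
    user = authenticate(audit, token, resource)
    if user is None:
        return 401
    return 200 if authorize(audit, user, resource, required_role) else 403

def missing_fields(record):
    """Check step 3: the required fields a record lacks (empty tuple means complete)."""
    return tuple(f for f in REQUIRED_FIELDS if f not in record)
```

Running a denied, an unauthenticated and a granted request through handle_request yields five records (two authn/authz pairs and one lone authn failure), each of which passes missing_fields.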