Cyber Trackr - Free Compliance Library
Cyber Trackr
The Free Compliance Library

SPEC Innovations Innoslate 4.x Security Technical Implementation Guide

  • Version/Release: V1R1
  • Published: 2022-08-31
  • Expand All:
  • Severity:
  • Sort:
Compare

Select any two versions of this STIG to compare the individual requirements

View

Select any old version/release of this STIG to view the previous requirements

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.
b
Innoslate must initiate a session lock after a 15-minute period of inactivity.
AC-11 - Medium - CCI-000057 - V-254086 - SV-254086r845234_rule
RMF Control
AC-11
Severity
Medium
CCI
CCI-000057
Version
SPEC-IN-000015
Vuln IDs
  • V-254086
Rule IDs
  • SV-254086r845234_rule
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system, but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their application session prior to vacating the vicinity, applications need to be able to identify when a user's application session has idled and take action to initiate the session lock. The session lock is implemented at the point where session activity can be determined and/or controlled. This is typically at the operating system-level and results in a system lock, but may be at the application-level where the application interface window is secured instead. Satisfies: SRG-APP-000003, SRG-APP-000190, SRG-APP-000390
Checks: C-57571r845232_chk

1. Enter the web.xml file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Search (Ctrl+f) for "session-timeout" object (typically found on line 8). 3. Verify time is set to 15 minutes, if not , this is a finding.

Fix: F-57522r845233_fix

1. Enter the web.xml file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Search (Ctrl+f) for "session-timeout" object (typically found on line 8). 3. Set the time to 15 minutes. 4. Save. 5. Restart the service.

c
Innoslate must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
AC-17 - High - CCI-000068 - V-254087 - SV-254087r845265_rule
RMF Control
AC-17
Severity
High
CCI
CCI-000068
Version
SPEC-IN-000030
Vuln IDs
  • V-254087
Rule IDs
  • SV-254087r845265_rule
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. This requirement applies to Transport Layer Security (TLS) gateways (also known as Secure Sockets Layer [SSL] gateways), web servers, and web applications and is not applicable to virtual private network (VPN) devices. Application protocols such as HTTPS and DNSSEC use TLS as the underlying security protocol and thus are in scope for this requirement. NIST SP 800-52 provides guidance for client negotiation on either DoD-only or on public-facing servers. Satisfies: SRG-APP-000014, SRG-APP-000156, SRG-APP-000179, SRG-APP-000442, SRG-APP-000555, SRG-APP-000560, SRG-APP-000565, SRG-APP-000605, SRG-APP-000635, SRG-APP-000645, SRG-APP-000219
Checks: C-57572r845235_chk

1. Consult the System Administrator if needed to determine the location of the Apache Tomcat server.xml file and the network port that was specified during installation for use with Innoslate. The default is 8443; other AO-approved ports may be used. 2. Open the server.xml file with a text editor, and locate the <Connector/> element. The following is an example: Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" SSLProtocol="TLSv1.2" keystoreFile="$keystorepath" keystorePass="123456" keyAlias="tomcatssl" / If "port" is not set to 8443, or other AO-approved port, this is a finding. If "protocol" is not set to "org.apache.coyote.http11.Http11NioProtocol", this is a finding. If "SSLEnabled" is not set to "true", this is a finding. If "scheme" is not set to "https", this is a finding. If "secure" is not set to "true", this is a finding. If "SSLProtocol"or "SSLEnabledProtocols" is not set to "TLSv1.2", this is a finding. The name of this flag varies with Tomcat versions.

Fix: F-57523r845236_fix

1. Open the server.xml file inside the conf folder of the tomcat installation (IE "C:\Innoslate4\apache-tomcat\conf" or "$CATALINA_BASE/conf/server.xml"). Add a connector tag for HTTPS scheme with PORT 8443 (or other AO-approved port) using the following example: Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="C:\Innoslate4\apache-tomcat-8.5.30\conf\keystore.jks" keystorePass="123456" keyAlias="tomcatssl" / 2. Set "port" to 8443, or other AO-approved port. Set "protocol" to "org.apache.coyote.http11.Http11NioProtocol". Set "SSLEnabled" to "true". Set "scheme" to "https". Set "secure" to "true". Set "SSLProtocol" or "SSLEnabledProtocols" to "TLSv1.2". The name of this flag varies with Tomcat versions. Set "keystoreFile" to the path of the keystore utilized by the system, and set the associated password with "keystorePass". 3. Save the server.xml file.

b
Innoslate must provide automated mechanisms for supporting account management functions.
AC-2 - Medium - CCI-000015 - V-254088 - SV-254088r845240_rule
RMF Control
AC-2
Severity
Medium
CCI
CCI-000015
Version
SPEC-IN-000045
Vuln IDs
  • V-254088
Rule IDs
  • SV-254088r845240_rule
Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A comprehensive application account management process that includes automation helps to ensure accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended or terminated or by disabling accounts located in non-centralized account stores such as multiple servers. This requirement applies to all account types, including individual/user, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service. The application must be configured to automatically provide account management functions and these functions must immediately enforce the organization's current account policy. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organization's automated account management requirements. Account management functions include assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. The use of automated mechanisms can include, for example using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using automated telephonic notification to report atypical system account usage.
Checks: C-57573r845238_chk

1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the "default organization" field. 3. Enter the default organization name to automatically add users to once they sign in. 4. Find the "Email notifications" fields. 5. Verify the email information is correct. If not, this is a finding.

Fix: F-57524r845239_fix

1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the "default organization" field. 3. Enter the default organization name to automatically add users to once they sign in. 4. Find the "Email notifications" fields. 5. Add the email information in the required fields. 6. Save. 7. Restart Service.

b
Innoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
AU-12 - Medium - CCI-000171 - V-254089 - SV-254089r845243_rule
RMF Control
AU-12
Severity
Medium
CCI
CCI-000171
Version
SPEC-IN-000080
Vuln IDs
  • V-254089
Rule IDs
  • SV-254089r845243_rule
To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., networks, web servers, and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement. Access control policies include identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system. This requirement is applicable to access control enforcement applications (e.g., authentication servers) and other applications that perform information and system access control functions. Steps to prove capability: 1. Sign in as admin. 2. Enter the admin dashboard. 3. Select the respective org name on the left. 4. View the users and validate the correct permissions are applied. 5. View the roles and validate they are correct. 6. Enter a project. 7. Click "Share". 8. Verify the correct users are shared with the correct roles to the project. Satisfies: SRG-APP-000033, SRG-APP-000039, SRG-APP-000090, SRG-APP-000343
Checks: C-57574r845241_chk

1. Sign in With Admin Account. 2. Enter Admin Dashboard. 3. Click on the "Organization" tab. 4. Find the "Roles" section. 5. Select the role to verify. 6. Ensure Administrative roles are separated from End User roles. Otherwise, this is a finding.

Fix: F-57525r845242_fix

1. Sign in With Admin Account. 2. Enter Admin Dashboard. 3. Click on the "Organization" tab. 4. Find the "Roles" section. 5. Select the role to verify. 6. Verify via checkboxes that the role has the correct permissions applied. 7. Click "Edit" if changes are needed. 8. Select the appropriate role permissions to separate Administrative Users from End Users. 9. Click "Update". 10. Verify changes were made.

b
Innoslate must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.
AC-4 - Medium - CCI-001368 - V-254090 - SV-254090r845246_rule
RMF Control
AC-4
Severity
Medium
CCI
CCI-001368
Version
SPEC-IN-000085
Vuln IDs
  • V-254090
Rule IDs
  • SV-254090r845246_rule
A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations, the system may become compromised. Information flow control regulates where information is allowed to travel within a system and between interconnected systems. The flow of all system information must be monitored and controlled so it does not introduce any unacceptable risk to the systems or data. Application specific examples of enforcement occurs in systems that employ rule sets or establish configuration settings that restrict information system services, or message-filtering capability based on message content (e.g., implementing key word searches or using document characteristics). Applications providing information flow control must be able to enforce approved authorizations for controlling the flow of information within the system in accordance with applicable policy.
Checks: C-57575r845244_chk

1. Sign in as owner of project. 2. Enter Schema Editor. 3. Click "Workflow". 4. Verify permissions are applied to the workflow classes specified. If not, this is a finding.

Fix: F-57526r845245_fix

1. Sign in as owner of project. 2. Enter Schema Editor. 3. Click "Workflow". 4. Verify permissions are applied to the workflow classes specified.

b
The publicly accessible application must display the Standard Mandatory DoD Notice and Consent Banner before granting access to Innoslate.
AC-8 - Medium - CCI-000048 - V-254091 - SV-254091r845249_rule
RMF Control
AC-8
Severity
Medium
CCI
CCI-000048
Version
SPEC-IN-000110
Vuln IDs
  • V-254091
Rule IDs
  • SV-254091r845249_rule
Display of a standardized and approved use notification before granting access to the publicly accessible application ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist. The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for desktops, laptops, and other devices accommodating banners of 1300 characters: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions: -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. -At any time, the USG may inspect and seize data stored on this IS. -Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner: "I've read & consent to terms in IS user agreem't." Satisfies: SRG-APP-000070, SRG-APP-000068, SRG-APP-000069
Checks: C-57576r845247_chk

1. Sign in to Innoslate. 2. Enter a project. 3. If the DoD Banner does not appear correctly, this is a finding.

Fix: F-57527r845248_fix

1. Sign in to Innoslate. 2. Enter a project. 3. In the top right, select the "Gear" icon, and then select "Banner". 4. Insert DoD Banner Text and click "Save".

b
Innoslate must generate comprehensive audit records.
AU-3 - Medium - CCI-000130 - V-254092 - SV-254092r845252_rule
RMF Control
AU-3
Severity
Medium
CCI
CCI-000130
Version
SPEC-IN-000140
Vuln IDs
  • V-254092
Rule IDs
  • SV-254092r845252_rule
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). 1. Access Innoslate folder. 2. Navigate to Innoslate4\apache-tomcat\logs. 3. View the access logs. Satisfies: SRG-APP-000091, SRG-APP-000092, SRG-APP-000095, SRG-APP-000096, SRG-APP-000097, SRG-APP-000492, SRG-APP-000493, SRG-APP-000494, SRG-APP-000504, SRG-APP-000505, SRG-APP-000506, SRG-APP-000507, SRG-APP-000508, SRG-APP-000509, SRG-APP-000510
Checks: C-57577r845250_chk

1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Search "level", and check corresponding lines for the correct verbosity settings. If they are incorrect after a change, save, and service restart, this is a finding. Below is an example of the contents of the default logging.properties file. "# Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler .handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler ############################################################ # Handler specific properties. # Describes specific configuration info for Handlers. ############################################################ 1catalina.org.apache.juli.AsyncFileHandler.level = FINE 1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs 1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina. 2localhost.org.apache.juli.AsyncFileHandler.level = FINE 2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs 2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost. 3manager.org.apache.juli.AsyncFileHandler.level = FINE 3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs 3manager.org.apache.juli.AsyncFileHandler.prefix = manager. 4host-manager.org.apache.juli.AsyncFileHandler.level = FINE 4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs 4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager. java.util.logging.ConsoleHandler.level = FINE java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter ############################################################ # Facility specific properties. # Provides extra control for each logger. ############################################################ org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler # For example, set the org.apache.catalina.util.LifecycleBase logger to log # each component that extends LifecycleBase changing state: #org.apache.catalina.util.LifecycleBase.level = FINE # To see FINE messages in TldLocationsCache, uncomment the following line: #org.apache.jasper.compiler.TldLocationsCache.level = FINE # To see FINE messages for HTTP/2 handling, uncomment the following line: #org.apache.coyote.http2.level = FINE # To see FINE messages for WebSocket handling, uncomment the following line: #org.apache.tomcat.websocket.level = FINE"

Fix: F-57528r845251_fix

1. Locate the logging.properties file in the following directory: Innoslate4\apache-tomcat\conf. 2. Search "level" and modify corresponding lines to be set to FINE or VERBOSE as needed.

c
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
IA-5 - High - CCI-000185 - V-254093 - SV-254093r845255_rule
RMF Control
IA-5
Severity
High
CCI
CCI-000185
Version
SPEC-IN-000280
Vuln IDs
  • V-254093
Rule IDs
  • SV-254093r845255_rule
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, or the internet). Satisfies: SRG-APP-000149, SRG-APP-000024, SRG-APP-000025, SRG-APP-000026, SRG-APP-000027, SRG-APP-000028, SRG-APP-000029, SRG-APP-000065, SRG-APP-000148, SRG-APP-000150, SRG-APP-000151, SRG-APP-000152, SRG-APP-000153, SRG-APP-000157, SRG-APP-000163, SRG-APP-000164, SRG-APP-000165, SRG-APP-000166, SRG-APP-000167, SRG-APP-000168, SRG-APP-000169, SRG-APP-000170, SRG-APP-000173, SRG-APP-000174, SRG-APP-000175, SRG-APP-000176, SRG-APP-000291, SRG-APP-000292, SRG-APP-000293, SRG-APP-000294, SRG-APP-000295, SRG-APP-000318, SRG-APP-000319, SRG-APP-000320, SRG-APP-000356, SRG-APP-000391, SRG-APP-000392, SRG-APP-000397, SRG-APP-000401, SRG-APP-000402, SRG-APP-000403, SRG-APP-000404, SRG-APP-000405, SRG-APP-000427
Checks: C-57578r845253_chk

1. Enter the settings.properties file located at C:\Innoslate4\apache-tomcat\webapps\Innoslate4\WEB-INF. 2. Find the LDAP fields. 3. Verify LDAP information is correct. If not, this is a finding. The LDAP Fields should look (not exactly) like this: " LDAP_INITIAL_CONTEXT_FACTORY = com.sun.jndi.ldap.LdapCtxFactory LDAP_PROVIDER_URLS = ldap://providerUrl.com LDAP_SECURITY_AUTHENTICATION = none LDAP_SECURITY_PRINCIPAL = CN=Admin Innoslate,CN=Users,DC=Innoslateactive,DC=com LDAP_SECURITY_CREDENTIALS = password LDAP_USER_CONTEXT = CN=Users,DC=Innoslateactive,DC=com LDAP_USER_OBJECT_CLASS = user LDAP_USER_UID_ATTRIBUTE = sAMAccountName LDAP_CONNECT_TIMEOUT = 1000 LDAP_READ_TIMEOUT = 5000 LDAP_USER_EMAIL_ATTRIBUTE = mail LDAP_USER_FIRST_NAME_ATTRIBUTE = givenName LDAP_USER_LAST_NAME_ATTRIBUTE = sn LDAP_USER_PHONE_NUMBER_ATTRIBUTE = telephoneNumber LDAP_USER_COMPANY_ATTRIBUTE = company LDAP_USER_SEARCH_FILTER = (&(objectClass=user)(sAMAccountName={0})(!(userAccountControl:1.2.840.113556.1.4.803:=2))) "

Fix: F-57529r845254_fix

1. Enter settings.properties file. 2. Change the AUTHENTICATION_TYPE to "CAC". 3. Save. 4. Restart the Innoslate service.

c
Innoslate must map the authenticated identity to the individual user or group account for PKI-based authentication.
IA-5 - High - CCI-000187 - V-254094 - SV-254094r845258_rule
RMF Control
IA-5
Severity
High
CCI
CCI-000187
Version
SPEC-IN-000390
Vuln IDs
  • V-254094
Rule IDs
  • SV-254094r845258_rule
Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the individual user or group will not be available for forensic analysis.
Checks: C-57579r845256_chk

Open the settings.properties file [Path] and verify the AUTHENTICATION_TYPE is set to "CAC". If AUTHENTICATION_TYPE is not set to "CAC", this is a finding.

Fix: F-57530r845257_fix

1. Open the settings.properties file [Path]. 2. Change the AUTHENTICATION_TYPE to "CAC". 3. Save. 4. Restart the Innoslate service.

b
Innoslate must off-load audit records onto a different system or media than the system being audited.
AU-4 - Medium - CCI-001851 - V-254095 - SV-254095r845261_rule
RMF Control
AU-4
Severity
Medium
CCI
CCI-001851
Version
SPEC-IN-000720
Vuln IDs
  • V-254095
Rule IDs
  • SV-254095r845261_rule
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Checks: C-57580r845259_chk

1. Access the logging.properties file in the logs directory of the Innoslate files. 2. Verify the ____.apache.juli.AsyncFileHandler.directory field is set to a directory on a different system. Otherwise, this is a finding.

Fix: F-57531r845260_fix

1. Access the logging.properties file in the logs directory of the Innoslate files. 2. Set the ____.apache.juli.AsyncFileHandler.directory fields to the directory or directories required. 3. Save. 4. Restart the service.

b
Innoslate must generate audit records when DoD required events occur.
AU-12 - Medium - CCI-000172 - V-254096 - SV-254096r845264_rule
RMF Control
AU-12
Severity
Medium
CCI
CCI-000172
Version
SPEC-IN-001130
Vuln IDs
  • V-254096
Rule IDs
  • SV-254096r845264_rule
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). 1. Access Innoslate folder. 2. Navigate to Innoslate4\apache-tomcat\logs. 3. View the logs. Satisfies: SRG-APP-000495, SRG-APP-000496, SRG-APP-000497, SRG-APP-000498, SRG-APP-000499, SRG-APP-000500, SRG-APP-000501, SRG-APP-000502, SRG-APP-000503
Checks: C-57581r845262_chk

1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Modify lines 25, 29, 33, and 41 to be set to DEBUG or VERBOSE as needed. 3. If after a service restart the logs do not change, this is a finding.

Fix: F-57532r845263_fix

1. Locate the logging.properties file in the following directory: Innoslate\apache-tomcat\conf. 2. Modify lines 25, 29, 33, and 41 to be set to DEBUG or VERBOSE as needed.