STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-274528

CAT II (Medium)

The API must audit authentication and authorization information.

Rule ID

SV-274528r1143554_rule

STIG

Application Programming Interface (API) Security Requirements Guide

Version

V1R1

CCIs

CCI-000130

Discussion

The API must audit authentication and authorization information to ensure proper security, accountability, and compliance. Auditing authentication and authorization events allows the API to track and log who accessed the system, what resources were accessed, and whether the user had the appropriate permissions. This is crucial for detecting unauthorized access, preventing privilege escalation, and identifying potential security threats, such as brute force attacks or credential theft. Auditing also provides a record of actions for accountability, helping to monitor user activity and ensuring that sensitive data or actions are only accessible to authorized individuals.

Check Content

Verify the API generates audit records that identify what type of event occurred.

1. Confirm audit logging is enabled for authentication and authorization events. This includes both successful and failed authentication attempts, as well as the authorization decisions (e.g., whether a user is granted or denied access).

2. Verify the logs capture relevant authentication and authorization details.

3. After performing tests, review the logs for entries related to authentication and authorization. Ensure that logs contain the appropriate level of detail (e.g., timestamps, user IDs, status codes).

If the API does not audit authentication and authorization information, this is a finding.

Fix Text

Build or configure the API to log authentication and authorization events, including the appropriate level of detail (e.g., timestamps, user IDs, status codes).
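The check content and fix text above describe what an audit record for authentication and authorization events must carry, but not how an API would produce one. As an added example (not code from the SRG, from DISA, or from STIGhub), the Python below emits one JSON audit line per authentication attempt and per authorization decision, success and failure alike, with the fields the check calls for (timestamp, user ID, status code) plus the resource, outcome and source address, and includes a helper for check step 3 that flags log lines missing any of those fields. The bearer-token table, ACL and IP address are constructed sample values; the `authenticate` and `authorize` functions are hypothetical stand-ins for a real API's checks.

```python
import json
import logging
from datetime import datetime, timezone

audit_log = logging.getLogger("api.audit")
# Fields the check content asks for (timestamp, user ID, status code) plus what is
# needed to answer "who accessed what, from where, and was it allowed".
REQUIRED_FIELDS = ("timestamp", "event", "user_id", "resource",
                   "outcome", "status_code", "source_ip")

def audit_event(event, user_id, resource, outcome, status_code, source_ip, detail=None):
    """Emit one JSON audit record (one line per event) and return it for inspection."""
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "event": event,                       # "authn" or "authz"
        "user_id": user_id or "<anonymous>",  # failed logins may carry no known user
        "resource": resource,
        "outcome": outcome,                   # "success" or "failure"
        "status_code": status_code,
        "source_ip": source_ip,
    }
    if detail:
        record["detail"] = detail
    audit_log.info(json.dumps(record))
    return record

def authenticate(token, valid_tokens, resource, source_ip):
    """Hypothetical bearer-token lookup; both success and failure are audited."""
    user = valid_tokens.get(token)
    if user is None:
        audit_event("authn", None, resource, "failure", 401, source_ip, "invalid token")
        return None
    audit_event("authn", user, resource, "success", 200, source_ip)
    return user

def authorize(user, action, resource, acl, source_ip):
    """Hypothetical ACL check; the grant/deny decision itself is audited."""
    allowed = action in acl.get(user, {}).get(resource, set())
    audit_event("authz", user, resource, "success" if allowed else "failure",
                200 if allowed else 403, source_ip, f"action={action}")
    return allowed

def find_incomplete(log_lines):
    """Check step 3: return 1-based line numbers of records missing a required field."""
    bad = []
    for n, line in enumerate(log_lines, 1):
        rec = json.loads(line)
        if any(rec.get(f) in (None, "") for f in REQUIRED_FIELDS):
            bad.append(n)
    return bad
```

Point `api.audit` at a handler that ships to the central log store, and run `find_incomplete` over a sample of exported lines during the check to confirm no event type is written without a user ID or status code.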