V-274520

Discussion

The API must generate audit records when successful or unsuccessful attempts to access privileges occur to ensure security, traceability, and accountability. By logging both successful and failed access attempts, the API creates a record that helps track who is attempting to access sensitive resources, and whether those attempts are authorized or not. This is critical for identifying potential security threats, such as unauthorized access, brute-force attacks, or credential stuffing, which could compromise the system. Unsuccessful attempts provide valuable insight into potential vulnerabilities or areas where attackers are trying to bypass security measures. Successful access logs, on the other hand, confirm the correct users or services are accessing resources within the intended permissions, ensuring access controls are working as expected.

Check Content

Verify both successful and unsuccessful attempts to access privileges are configured to be logged. This may include user identity, timestamps, access attempts, and outcomes (success or failure).

Perform various test cases to simulate both successful and unsuccessful access.

After performing the test scenarios, access the logs generated by the API (or the centralized logging system) and check for entries related to authentication and authorization. 

Cross-check the actual logging behavior with the organization’s auditing and security policies to verify the API meets required standards for logging successful and unsuccessful access attempts.

If the API does not generate audit records when successful/unsuccessful attempts to access privileges occur, this is a finding.