STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Security and Development Security Technical Implementation Guide

V-222449

CAT II (Medium)

The application must record the username or user ID of the user associated with the event.

Rule ID

SV-222449r960879_rule

STIG

Application Security and Development Security Technical Implementation Guide

Version

V6R4

CCIs

CCI-000169

Discussion

When users conduct activity within an application, that user’s identity must be recorded in the audit log. Failing to record the identity of the user responsible for the activity within the application is detrimental to forensic analysis.

Check Content

Review and monitor the application logs.

Connect to the application and perform application activity that is allowed by the user such as accessing data or running reports.

Observe if the log includes an entry to indicate the user ID of the user that conducted the activity.

If the user ID is not recorded along with the event in the event log, this is a finding.

Fix Text

Configure the application to record the user ID of the user responsible for the log event entry.