UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application has a capability to notify an administrator when audit logs are nearing capacity as specified in the system documentation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6139 APP3650 SV-6139r1_rule ECAT-2 Low
Description
If an application audit log reaches capacity without warning, it will stop logging important system and security events. It could also open the system up for a type of denial of service attack, if an application halts with a full log.
STIG Date
Application Security and Development Checklist 2014-01-07

Details

Check Text ( C-2952r1_chk )
Examine the application documentation and ask the application representative what automated mechanism is in place to ensure the administrator is notified when the application logs are near capacity.

1) If an automated mechanism is not in place to warn the administrator, it is a finding.

If the application representative or the documentation indicates a mechanism is in place, examine the configuration of the mechanism to ensure the process is present and executing.

2) If an automated mechanism is not executing, it is a finding.

Note: This may be automated by the operating system of the application servers.
Fix Text (F-17116r1_fix)
Implement a warning mechanism to notify system administrators when the audit records are near full.