
The application server must allocate online audit record storage capacity for an organization defined number of continuous days of operation.


Overview

Finding ID: V-35116
Version: SRG-APP-000072-AS-000039
Rule ID: SV-46403r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Proper management of audit records and logs requires not only that archiving processes and procedures be established, but also that enough storage space be allocated to keep audit logs online for a defined period of time. If adequate online audit storage capacity is not maintained, intrusion monitoring, security investigations, and forensic analysis can be negatively affected. It is important to keep a defined amount of logs online and readily available for investigative purposes. The logs may be stored on the application server (AS) or, in some instances, on a Storage Area Network (SAN) employed to meet this requirement. Regardless of the method used, audit record storage capacity must be sufficient to provide the defined number of days of continuous online operation.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text (C-43503r2_chk)
Review policy and the AS or SAN configuration or log data to verify that online log capacity meets organization requirements for continuous days of operation. If the AS is not configured to meet organization-defined requirements, this is a finding.
Fix Text (F-39668r2_fix)
Allocate enough audit log storage capacity to meet the organization's online audit log storage requirement for continuous days of operation.