UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must allocate online audit record storage capacity for an organization defined number of continuous days of operation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35116 SRG-APP-000072-AS-000039 SV-46403r1_rule Medium
Description
The proper management of audit records and logs not only dictates proper archiving processes and procedures be established, it also requires allocating enough storage space to maintain audit logs online for a defined period of time. If adequate online audit storage capacity is not maintained, intrusion monitoring, security investigations, and forensic analysis can be negatively affected. It is important to keep a defined amount of logs online and readily available for investigative purposes. The logs may be stored on the AS or in some instances, Storage Area Networks (SAN) may be employed to meet this requirement. Regardless of method being used, audit record storage capacity must be sufficient to provide the defined number of days of continuous online operation.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43503r2_chk )
Review policy and the AS or SAN configuration or log data to verify online log capacity meets organization requirements for continuous days of operation. If the AS is not configured to meet organization defined requirements, this is a finding.
Fix Text (F-39668r2_fix)
Allocate enough audit log storage capacity to meet the organizations online audit log storage requirement for continuous days of operation.