STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.

DISA Rule

SV-204790r508029_rule

Vulnerability Number

V-204790

Group Title

SRG-APP-000359

Rule Version

SRG-APP-000359-AS-000065

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Configure the application server to provide an alert to the SA and ISSO when allocated log record storage volume reaches 75% of maximum log record storage capacity.

Check Contents

Review the configuration settings to determine if the application server logging system provides a warning to the SA and ISSO when 75% of allocated log record storage volume is reached.

If designated alerts are not sent, or the application server is not configured to use a dedicated logging tool that meets this requirement, this is a finding.

Vulnerability Number

V-204790

Documentable

False

Rule Version

SRG-APP-000359-AS-000065

Severity Override Guidance

Review the configuration settings to determine if the application server logging system provides a warning to the SA and ISSO when 75% of allocated log record storage volume is reached.

If designated alerts are not sent, or the application server is not configured to use a dedicated logging tool that meets this requirement, this is a finding.

Check Content Reference

M

Target Key

2900

Comments