STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.

DISA Rule

SV-70229r2_rule

Vulnerability Number

V-55975

Group Title

SRG-APP-000359-WSR-000065

Rule Version

SRG-APP-000359-WSR-000065

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Configure the web server to provide a warning to the ISSO and SA when allocated log record storage volume reaches 75% of maximum record storage capacity.

Check Contents

Review the web server documentation and deployment configuration settings to determine if the web server log system provides a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum record storage capacity.

If designated alerts are not sent or the web server is not configured to use a dedicated log tool that meets this requirement, this is a finding.

Vulnerability Number

V-55975

Documentable

False

Rule Version

SRG-APP-000359-WSR-000065

Severity Override Guidance

Review the web server documentation and deployment configuration settings to determine if the web server log system provides a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum record storage capacity.

If designated alerts are not sent or the web server is not configured to use a dedicated log tool that meets this requirement, this is a finding.

Check Content Reference

M

Target Key

2557

Comments