STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-4 — Audit Log Storage Capacity

CCI-001849

Definition

Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements.

Parent Control

AU-4Audit Log Storage CapacityAudit and Accountability

Linked STIG Checks (169)

V-279076CAT IIIColdFusion must allocate log record storage capacity.Adobe ColdFusion Security Technical Implementation Guide V-274067CAT IIAmazon Linux 2023 must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Amazon Linux 2023 Security Technical Implementation Guide V-274068CAT IIIAmazon Linux 2023 must use a separate file system for the system audit data path.Amazon Linux 2023 Security Technical Implementation Guide V-274168CAT IIAmazon Linux 2023 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-268093CAT IINixOS must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Anduril NixOS Security Technical Implementation Guide V-214262CAT IIThe Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214347CAT IIThe Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-252473CAT IIThe macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257179CAT IIIThe macOS system must allocate audit record storage capacity to store at least seven days of audit records when audit records are not immediately sent to a central audit record storage facility.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259467CAT IIIThe macOS system must configure audit retention to seven days.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259558CAT IIIThe macOS system must configure install.log retention to 365.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268467CAT IIIThe macOS system must configure audit retention to seven days.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268554CAT IIIThe macOS system must configure install.log retention to 365.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277074CAT IIIThe macOS system must configure audit retention to seven days.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277163CAT IIIThe macOS system must configure install.log retention to 365.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204788CAT IIThe application server must allocate log record storage capacity in accordance with organization-defined log record storage requirements.Application Server Security Requirements Guide V-272637CAT IICylanceON-PREM must be configured to use an external database if users exceed 30,000.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-255962CAT IIThe Arista network device must be configured to capture all DOD auditable events.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-219237CAT IIIThe Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238305CAT IIIThe Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260595CAT IIIUbuntu 22.04 LTS must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270816CAT IIIUbuntu 24.04 LTS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271935CAT IIThe Cisco ACI must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco ACI NDM Security Technical Implementation Guide V-239922CAT IIThe Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco ASA NDM Security Technical Implementation Guide V-215691CAT IIThe Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco IOS Router NDM Security Technical Implementation Guide V-220599CAT IIThe Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco IOS Switch NDM Security Technical Implementation Guide V-215836CAT IIThe Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220547CAT IIThe Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-216533CAT IIThe Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco IOS XR Router NDM Security Technical Implementation Guide V-242626CAT IIThe Cisco ISE must limit audit record storage capacity for all locally stored logs.Cisco ISE NDM Security Technical Implementation Guide V-220496CAT IIThe Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269506CAT IIIAlmaLinux OS 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269507CAT IIIAlmaLinux OS 9 must use a separate file system for the system audit data path.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269508CAT IIAlmaLinux OS 9 must allocate audit record storage capacity to store at least one week's worth of audit records.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233168CAT IIThe container platform must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Container Platform Security Requirements Guide V-233529CAT IIPostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261918CAT IIPostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206591CAT IIThe DBMS must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Database Security Requirements Guide V-235832CAT IIThe Docker Enterprise max-size and max-file json-file drivers logging options in the daemon.json configuration file must be configured to allocate audit record storage capacity for Universal Control Plane (UCP) and Docker Trusted Registry (DTR) per the requirements set forth by the System Security Plan (SSP).Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-271008CAT IIDragos Platform must allocate audit record storage retention length.Dragos Platform 2.x Security Technical Implementation Guide V-224197CAT IIThe EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213622CAT IIThe EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259278CAT IIThe EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-217413CAT IIThe BIG-IP appliance must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.F5 BIG-IP Device Management Security Technical Implementation Guide V-266074CAT IIIThe F5 BIG-IP appliance must manage local audit storage capacity in accordance with organization-defined audit record storage requirements.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234180CAT IIThe FortiGate device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203700CAT IIIThe operating system must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.General Purpose Operating System Security Requirements Guide V-217463CAT IIThe HP FlexFabric Switch must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255250CAT IISSMC must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-237830CAT IIThe storage system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility.HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide V-255282CAT IIThe HPE 3PAR operating system must be configured to allocate audit record storage capacity to store at least one week of audit records, even though all audit records are immediately sent to a centralized audit record storage system (SIEM).HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283400CAT IIThe HPE Alletra Storage ArcusOS device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-283401CAT IIThe HPE Alletra Storage ArcusOS device must allocate a set number of audit records that can be stored on the system in accordance with organization-defined audit record storage requirements.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-268251CAT IIThe HYCU virtual appliance must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.HYCU Protege Security Technical Implementation Guide V-215253CAT IIAIX must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility.IBM AIX 7.x Security Technical Implementation Guide V-213720CAT IIDB2 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65143CAT IIThe DataPower Gateway must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.IBM DataPower Network Device Management Security Technical Implementation Guide V-250343CAT IIThe WebSphere Liberty Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255841CAT IIThe WebSphere Application Server must allocate JVM log record storage capacity in accordance with organization-defined log record storage requirements.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255842CAT IIThe WebSphere Application Server must allocate audit log record storage capacity in accordance with organization-defined log record storage requirements.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223547CAT IIIBM z/OS SMF collection files (system MANx data sets or LOGSTREAM DASD) must have storage capacity to store at least one weeks worth of audit data.IBM z/OS ACF2 Security Technical Implementation Guide V-223770CAT IIIBM z/OS SMF collection files (system MANx datasets or LOGSTREAM DASD) must have storage capacity to store at least one weeks worth of audit data.IBM z/OS RACF Security Technical Implementation Guide V-224021CAT IIIBM z/OS SMF collection files (system MANx data sets or LOGSTREAM DASD) must have storage capacity to store at least one weeks worth of audit data.IBM z/OS TSS Security Technical Implementation Guide V-258605CAT IIThe ICS must be configured to allocate local audit record storage capacity in accordance with organization-defined audit record storage requirements.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253918CAT IIThe Juniper EX switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217332CAT IIThe Juniper router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Juniper Router NDM Security Technical Implementation Guide V-66477CAT IIFor local log files, the Juniper SRX Services Gateway must allocate log storage capacity in accordance with organization-defined log record storage requirements so that the log files do not grow to a size that causes operational issues.Juniper SRX SG NDM Security Technical Implementation Guide V-223198CAT IIFor local log files, the Juniper SRX Services Gateway must allocate log storage capacity in accordance with organization-defined log record storage requirements so that the log files do not grow to a size that causes operational issues.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-213868CAT IISQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213983CAT IISQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205553CAT IIThe mainframe product must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Mainframe Product Security Requirements Guide V-253727CAT IIMariaDB must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220380CAT IIMarkLogic Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.MarkLogic Server v9 Security Technical Implementation Guide V-255343CAT IIAzure SQL Database must be able to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Microsoft Azure SQL Database Security Technical Implementation Guide V-276252CAT IIAzure SQL Managed Instance must be able to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-218815CAT IIThe IIS 10.0 web server must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 web server.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-218765CAT IIThe IIS 10.0 website must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 website.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-271343CAT IISQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220779CAT IIThe Application event log size must be configured to 32768 KB or greater.Microsoft Windows 10 Security Technical Implementation Guide V-220780CAT IIThe Security event log size must be configured to 1024000 KB or greater.Microsoft Windows 10 Security Technical Implementation Guide V-220781CAT IIThe System event log size must be configured to 32768 KB or greater.Microsoft Windows 10 Security Technical Implementation Guide V-253337CAT IIThe Application event log size must be configured to 32768 KB or greater.Microsoft Windows 11 Security Technical Implementation Guide V-253338CAT IIThe security event log size must be configured to a value that holds at least one week's worth of audit records.Microsoft Windows 11 Security Technical Implementation Guide V-253339CAT IIThe System event log size must be configured to 32768 KB or greater.Microsoft Windows 11 Security Technical Implementation Guide V-224937CAT IIThe Application event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224938CAT IIThe Security event log size must be configured to 196608 KB or greater.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224939CAT IIThe System event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205796CAT IIWindows Server 2019 Application event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205797CAT IIWindows Server 2019 security event log size must be configured to a value that holds at least one week's worth of audit records.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205798CAT IIWindows Server 2019 System event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254358CAT IIWindows Server 2022 Application event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254359CAT IIThe Windows Server 2022 security event log size must be configured to a value that holds at least one week's worth of audit records.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254360CAT IIWindows Server 2022 System event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278105CAT IIWindows Server 2025 Application event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278106CAT IIWindows Server 2025 Security event log size must be configured to 196608 KB or greater.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278107CAT IIWindows Server 2025 System event log size must be configured to 32768 KB or greater.Microsoft Windows Server 2025 Security Technical Implementation Guide V-221189CAT IIMongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252172CAT IIMongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265938CAT IIMongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279375CAT IIMongoDB must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-246933CAT IIONTAP must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-202098CAT IIThe network device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Network Device Management Security Requirements Guide V-254178CAT IINutanix AOS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279566CAT IIINutanix OS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Nutanix Acropolis GPOS Security Technical Implementation Guide V-270506CAT IIOracle Database must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Oracle Database 19c Security Technical Implementation Guide V-221756CAT IIIThe Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data.Oracle Linux 7 Security Technical Implementation Guide V-248811CAT IIOL 8 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.Oracle Linux 8 Security Technical Implementation Guide V-271432CAT IIIOL 9 must use a separate file system for the system audit data path.Oracle Linux 9 Security Technical Implementation Guide V-271592CAT IIIOL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Oracle Linux 9 Security Technical Implementation Guide V-271596CAT IIOL 9 must allocate audit record storage capacity to store at least one week's worth of audit records.Oracle Linux 9 Security Technical Implementation Guide V-235173CAT IIThe MySQL Database Server 8.0 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Oracle MySQL 8.0 Security Technical Implementation Guide V-253542CAT IIThe node that runs Prisma Cloud Compute containers must have sufficient disk space to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-214066CAT IIPostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.PostgreSQL 9.x Security Technical Implementation Guide V-273820CAT IIThe RUCKUS ICX device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.RUCKUS ICX NDM Security Technical Implementation Guide V-252846CAT IIRancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-280936CAT IIIRHEL 10 must use a separate file system for the system audit data path.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281102CAT IIRHEL 10 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281106CAT IIIRHEL 10 must allocate audit record storage capacity to store at least one week's worth of audit records.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-230469CAT IIIRHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-230476CAT IIRHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-257847CAT IIIRHEL 9 must use a separate file system for the system audit data path.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258155CAT IIRHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258173CAT IIIRHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257558CAT IIIRed Hat Enterprise Linux CoreOS (RHCOS) must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257522CAT IIAll audit records must generate the event results within OpenShift.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-257558CAT IIIRed Hat Enterprise Linux CoreOS (RHCOS) must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251195CAT IIRedis Enterprise DBMS must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Redis Enterprise 6.x Security Technical Implementation Guide V-275457CAT IIIThe Riverbed NetIM must generate an alert of all audit failure events.Riverbed NetIM NDM Security Technical Implementation Guide V-261413CAT IISLEM 5 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217192CAT IIThe SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-219967CAT IIThe operating system must allocate audit record storage capacity.Solaris 11 SPARC Security Technical Implementation Guide V-219968CAT IThe operating system must configure auditing to reduce the likelihood of storage capacity being exceeded.Solaris 11 SPARC Security Technical Implementation Guide V-219995CAT IIThe operating system must allocate audit record storage capacity.Solaris 11 X86 Security Technical Implementation Guide V-219996CAT IThe operating system must configure auditing to reduce the likelihood of storage capacity being exceeded.Solaris 11 X86 Security Technical Implementation Guide V-279265CAT IIThe Edge SWG must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Symantec Edge SWG NDM Security Technical Implementation Guide V-241063CAT IIThe Tanium SQL Server RDBMS must be configured with sufficient free space to ensure audit logging is not impacted.Tanium 7.0 Security Technical Implementation Guide V-234122CAT IIThe Tanium SQL Server RDBMS must be configured with sufficient free space to ensure audit logging is not impacted.Tanium 7.3 Security Technical Implementation Guide V-254933CAT IIThe Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253791CAT IIThe Tanium application must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.Tanium 7.x Security Technical Implementation Guide V-253031CAT IITOSS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282529CAT IIITOSS 5 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282562CAT IITOSS 5 must allocate audit record storage capacity to store at least one week's worth of audit records.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-240076CAT IIHAProxy must be configured to use syslog.VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide V-265348CAT IThe NSX Manager must be configured to send logs to a central log server.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-240845CAT IItc Server ALL must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-241701CAT IItc Server ALL must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256408CAT IIThe ESXi host must enable a persistent log location for all locally stored logs.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256680CAT IIESX Agent Manager application files must be verified for their integrity.VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide V-256732CAT IILookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-256639CAT IIPerformance Charts must properly configure log sizes and rotation.VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-256527CAT IIThe Photon operating system must configure auditd to keep five rotated log files.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256528CAT IIThe Photon operating system must configure auditd to keep logging in the event max log file size is reached.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256752CAT IIThe Security Token Service application files must be verified for their integrity.VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide V-256805CAT IIvSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide V-258743CAT IIThe ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258797CAT IIThe ESXi host must configure a persistent log location for all locally stored logs.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258844CAT IIIThe Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-207452CAT IIThe VMM must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.Virtual Machine Manager Security Requirements Guide V-206421CAT IIThe web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.Web Server Security Requirements Guide V-73553CAT IIThe Application event log size must be configured to 32768 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-73553CAT IIThe Application event log size must be configured to 32768 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-73555CAT IIThe Security event log size must be configured to 196608 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-73555CAT IIThe Security event log size must be configured to 196608 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-73557CAT IIThe System event log size must be configured to 32768 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-73557CAT IIThe System event log size must be configured to 32768 KB or greater.Windows Server 2016 Security Technical Implementation Guide V-93177CAT IIWindows Server 2019 Application event log size must be configured to 32768 KB or greater.Windows Server 2019 Security Technical Implementation Guide V-93179CAT IIWindows Server 2019 Security event log size must be configured to 196608 KB or greater.Windows Server 2019 Security Technical Implementation Guide V-93181CAT IIWindows Server 2019 System event log size must be configured to 32768 KB or greater.Windows Server 2019 Security Technical Implementation Guide