STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Security Technical Implementation Guide

V-256373

CAT II (Medium)

vCenter task and event retention must be set to at least 30 days.

Rule ID

SV-256373r885730_rule

STIG

VMware vSphere 7.0 vCenter Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000366

Discussion

vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real time, it is important that administrators have quick access to this information when needed. vCenter retains 30 days of tasks and events by default, and this is sufficient for most purposes. The vCenter disk partitions are also sized with this in mind. Decreasing is not recommended for operational reasons, while increasing is not recommended unless guided by VMware support due to the partition sizing concerns.

Check Content

From the vSphere Client, go to Host and Clusters.

Select a vCenter Server >> Configure >> Settings >> General.

Click to expand the "Database" section.

Note the "Task retention" and "Event retention" values.

If either value is configured to less than "30" days, this is a finding.

Fix Text

From the vSphere Client, go to Host and Clusters.

Select a vCenter Server >> Configure >> Settings >> General.

Click "Edit".

On the "Database" tab, set the value for both "Task retention" and "Event retention" to "30" days (default) or greater, as required by the site.

Click "Save".