STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Server Security Requirements Guide

V-204788

CAT II (Medium)

The application server must allocate log record storage capacity in accordance with organization-defined log record storage requirements.

Rule ID

SV-204788r961392_rule

STIG

Application Server Security Requirements Guide

Version

V4R4

CCIs

CCI-001849

Discussion

The proper management of log records not only dictates proper archiving processes and procedures be established, it also requires allocating enough storage space to maintain the logs online for a defined period of time. If adequate online log storage capacity is not maintained, intrusion monitoring, security investigations, and forensic analysis can be negatively affected. It is important to keep a defined amount of logs online and readily available for investigative purposes. The logs may be stored on the application server until they can be archived to a log system or, in some instances, a Storage Area Networks (SAN). Regardless of the method used, log record storage capacity must be sufficient to store log data when the data cannot be offloaded to a log system or SAN.

Check Content

Review the application server documentation and configuration to determine if the application server creates log storage to buffer log data until offloading to a log data storage facility.

If the application server does not allocate storage for log data, this is a finding.

Fix Text

Configure the application server to allocate storage for log data before offloading to a log data storage facility.