STIG 2 of 10: WN11-AU-000510
System Event Log Size
Requirement: The System event log size must be configured to 32768 KB or greater.
π STIG Information
| Property | Value |
|---|---|
| STIG ID | WN11-AU-000510 |
| Rule ID | SV-253339r958752_rule |
| Vuln ID | V-253339 |
| Severity | CAT II (Medium) |
| CCI | CCI-001849 |
π Compliance Framework Mapping
| Framework | Control ID | Description |
|---|---|---|
| NIST 800-53 | AU-4 | Audit Log Storage Capacity |
| NIST CSF | PR.DS-4, PR.PT-1 | Data Security, Audit Logging |
| ISO 27001:2022 | A.8.6 | Capacity Management |
| HIPAA | 164.306(a)(1) | Security Standards, Audit Controls |
| GDPR | 32.1.b | Security of Processing |
Why This Matters
The System event log records critical operating system events including driver failures, hardware issues, and service state changes. Adequate log storage ensures these events are retained for troubleshooting and security analysis. Without proper sizing, important system events may be overwritten before investigation.
π§ Remediation Summary
| Setting | Value |
|---|---|
| Registry Path | HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\System |
| Value Name | MaxSize |
| Required Value | 32768 (DWORD) |
Remediation Walkthrough
Step 1: Initial Scan β FAILED β
Ran Tenable compliance scan with Windows 11 STIG audit policy enabled.
Result: The System event log size check FAILED for target host 172.203.31.183.
Step 2: Manual Remediation
Applied the fix using Windows Event Viewer GUI.
Process: