STIG 1 of 10: WN11-AU-000500
Application Event Log Size
Requirement: The Application event log size must be configured to 32768 KB or greater.
STIG Information
| Property | Value |
|---|---|
| STIG ID | WN11-AU-000500 |
| Rule ID | SV-253337r958752_rule |
| Vuln ID | V-253337 |
| Severity | CAT II (Medium) |
| CCI | CCI-001849 |
Compliance Framework Mapping
| Framework | Control ID | Description |
|---|---|---|
| NIST 800-53 | AU-4 | Audit Log Storage Capacity |
| NIST CSF | PR.DS-4, PR.PT-1 | Data Security, Audit Logging |
| ISO 27001:2022 | A.8.6 | Capacity Management |
| HIPAA | 164.306(a)(1) | Security Standards, Audit Controls |
| GDPR | 32.1.b | Security of Processing |
Why This Matters
Adequate log storage ensures the system retains sufficient audit records to support incident investigation and forensic analysis. Without proper log sizing, critical security events may be overwritten before administrators can review them, potentially allowing malicious activity to go undetected.
Remediation Summary
| Setting | Value |
|---|---|
| Registry Path | HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application |
| Value Name | MaxSize |
| Required Value | 32768 (DWORD) |
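
The setting in the table above can be audited, and optionally set, with a short script. This is an added example, not part of the original walkthrough: the function name `Test-ApplicationLogMaxSize` and its `-Remediate` switch are illustrative, and remediation assumes an elevated PowerShell session.

```powershell
# Added example: audit (and optionally remediate) WN11-AU-000500.
# Function name and -Remediate switch are illustrative, not defined by the STIG.
function Test-ApplicationLogMaxSize {
    [CmdletBinding()]
    param(
        [switch]$Remediate,
        [int]$RequiredKB = 32768
    )

    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application'
    $name = 'MaxSize'

    # The policy value is stored in KB; it is absent if the policy was never configured.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    if ($Remediate -and ($null -eq $current -or $current -lt $RequiredKB)) {
        # Create the policy key only when it is missing, so existing values are kept.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $RequiredKB -Force | Out-Null
        $current = (Get-ItemProperty -Path $path -Name $name).$name
    }

    # Size the Event Log service currently reports for the log (bytes, converted to KB).
    $effectiveKB = [long]((Get-WinEvent -ListLog Application).MaximumSizeInBytes / 1KB)

    # Compliance is judged on the policy value from the table above;
    # the effective size is reported alongside it for comparison.
    [pscustomobject]@{
        StigId      = 'WN11-AU-000500'
        PolicyKB    = $current
        EffectiveKB = $effectiveKB
        RequiredKB  = $RequiredKB
        Compliant   = ($null -ne $current -and $current -ge $RequiredKB)
    }
}

# Audit only; add -Remediate to write the required value.
Test-ApplicationLogMaxSize
```

The policy value is expressed in KB while the effective log size is reported in bytes, so 32768 KB corresponds to 33554432 bytes when the two are compared.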
Remediation Walkthrough
Step 1: Initial Scan (FAILED)
Ran a Tenable compliance scan with the Windows 11 STIG audit policy enabled.
Result: The Application event log size check FAILED for the target host.

Step 2: Verify Current Configuration
Checked the current Application log maximum size using PowerShell.
Command:
wevtutil gl Application | Select-String "maxSize"