OpenControls Logo

STIG Viewer

The vCenter server must have task and event retention set to at least 30 days.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-258959VCSA-80-000293SV-258959r934535_ruleCCI-000366medium
Description
vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real time, it is important that administrators have quick access to this information when needed. vCenter retains 30 days of tasks and events by default, and this is sufficient for most purposes. The vCenter disk partitions are also sized with this in mind. Decreasing is not recommended for operational reasons, while increasing is not recommended unless guided by VMware support due to the partition sizing concerns.
STIGDate
VMware vSphere 8.0 vCenter Security Technical Implementation Guide2023-10-11

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · V1R1 · disa_xccdf · related

Details

Check Text (C-258959r934535_chk)

From the vSphere Client, go to Host and Clusters. Select a vCenter Server >> Configure >> Settings >> General. Click to expand the "Database" section. Note the "Task retention" and "Event retention" values. If either value is configured to less than "30" days, this is a finding.

Fix Text (F-62608r934534_fix)

From the vSphere Client, go to Host and Clusters. Select a vCenter Server >> Configure >> Settings >> General. Click "Edit". On the "Database" tab, set the value for both "Task retention" and "Event retention" to "30" days (default) or greater, as required by your site. Click "Save".