| 4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 12 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001030 - The macOS system must configure audit capacity warning. | DISA Apple macOS 14 (Sonoma) STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | EnterpriseDB PostgreSQL Advanced Server DB v1r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| GEN002719 - The audit system must alert the SA in the event of an audit processing failure. | DISA STIG Solaris 10 SPARC v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002719 - The audit system must alert the SA in the event of an audit processing failure. | DISA STIG Solaris 10 X86 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002719 - The audit system must alert the SA in the event of an audit processing failure. | DISA STIG Solaris 10 SPARC v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002719 - The audit system must alert the SA in the event of an audit processing failure. | DISA STIG Solaris 10 X86 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA STIG MongoDB Enterprise Advanced 4.x v1r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-009800 - The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA Oracle MySQL 8.0 v1r5 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | DISA STIG Oracle 11.2g v2r4 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL6-00-000311 - The audit system must provide a warning when allocated audit record storage volume reaches a documented percentage of maximum audit record storage capacity. | DISA STIG Oracle Linux 6 v1r17 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030340 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030350 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA STIG Palo Alto NDM v1r4 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity | DISA STIG PostgreSQL 9.x on RHEL OS v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000060 - The Photon operating system must configure auditd to log space limit problems to syslog. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030340 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030731 - RHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653035 - RHEL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653045 - RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020030 - The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full. | DISA SLES 12 STIG v2r13 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity. | DISA STIG Solaris 11 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-012600 - SQL Server itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020021 - The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020030 - The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010217 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 20.04 LTS v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
