| AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-13-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 13 v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001010 - The macOS system must configure system to shut down upon audit failure. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Queue | DISA STIG Cisco ASA FW v2r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CD12-00-002800 - PostgreSQL must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - bLimitSize | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - bLimitSize | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - bLimitSize | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - dwMaxLogSizeMB | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - bLimitSize | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - dwMaxLogSizeMB | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - disk status|diskfull | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - fortianalyzer|syslogd server | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JUSX-AG-000063 - In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally. | DISA Juniper SRX Services Gateway ALG v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| OL6-00-000510 - The audit system must take appropriate action when the audit storage volume is full. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000511 - The audit system must take appropriate action when there are disk errors on the audit storage volume. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030040 - The OL 8 System must take appropriate action when an audit processing failure occurs. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030060 - The OL 8 audit system must take appropriate action when the audit storage volume is full. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000014 - The Photon operating system audit log must attempt to log audit failures to syslog - admin_space_left_action | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000014 - The Photon operating system audit log must attempt to log audit failures to syslog - disk_error_action | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000510 - The audit system must take appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000511 - The audit system must take appropriate action when there are disk errors on the audit storage volume. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030040 - The RHEL 8 System must take appropriate action when an audit processing failure occurs. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653055 - RHEL 9 audit system must take appropriate action when the audit files have reached maximum size. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654265 - RHEL 9 must take appropriate action when a critical audit processing failure occurs. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020060 - The SUSE operating system audit system must take appropriate action when the audit storage volume is full. | DISA SLES 12 STIG v2r13 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010420 - The operating system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013000 - Unless it has been determined that availability is paramount, SQL Server must shut down upon the failure of an Audit, or a Trace used for auditing purposes, to include the unavailability of space for more audit/trace log records. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-030600 - Where availability is paramount, the SQL Server must continue processing (preferably overwriting existing records, oldest first), in the event of lack of space for more Audit/Trace log records; and must keep processing after any failure of an Audit/Trace. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-005600 - SQL Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-005700 - SQL Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020050 - The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted when the audit storage volume is full. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-67-000004 - VMware Postgres must be configured to overwrite older logs when necessary. | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000004 - VMware Postgres must be configured to overwrite older logs when necessary. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Windows v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000660 - The WebSphere Application Server must shut down by default upon log failure (unless availability is an overriding concern). | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WNFWA-000009 - Windows Defender Firewall with Advanced Security log size must be configured for domain connections. | DISA Microsoft Windows Firewall v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WNFWA-000017 - Windows Defender Firewall with Advanced Security log size must be configured for private network connections. | DISA Microsoft Windows Firewall v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WNFWA-000027 - Windows Defender Firewall with Advanced Security log size must be configured for public network connections. | DISA Microsoft Windows Firewall v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
