| AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000310 - The macOS system must provide an immediate real-time alert to the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS XE Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco router must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS XE Switch NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | DISA STIG Cisco NX-OS Switch NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001000 - The Cisco switch must be configured to generate an alert for all audit failure events. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-000990 - The Juniper router must be configured to generate an alert for all audit failure events. | DISA STIG Juniper Router NDM v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000630 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O112-C2-008300 - The DBMS must provide a real-time alert when organization-defined audit failure events occur. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity. | DISA STIG Oracle 12c v3r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL07-00-030340 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030350 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA STIG Palo Alto NDM v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| PANW-NM-000097 - The Palo Alto Networks security platform must have alarms enabled. | DISA STIG Palo Alto NDM v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - alert | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000163 - The audit system must switch the system to single-user mode when available audit storage volume becomes dangerously low. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020030 - The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full. | DISA SLES 12 STIG v2r13 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010380 - The audit system must alert the System Administrator (SA) if there is any type of audit failure. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010380 - The audit system must alert the System Administrator (SA) if there is any type of audit failure. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000290 - Splunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000300 - Splunk Enterprise must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) of all audit failure events, such as loss of communications with hosts and devices, or if log records are no longer being received. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000310 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SQL4-00-033400 - SQL Server, the operating system, or the storage system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-033500 - SQL Server or software monitoring SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-011000 - SQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-011100 - SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA STIG SQL Server 2016 Instance DB Audit v3r1 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020021 - The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020030 - The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000150 - vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCSA-80-000150 The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
