| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2008 MS STIG v6r46 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2008 DC STIG v6r47 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2008 R2 MS STIG v1r33 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows 7 STIG v1r32 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2008 R2 DC STIG v1r34 | Windows | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.15 v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.15 v1r7 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001030 - The macOS system must configure audit capacity warning. | DISA Apple macOS 14 (Sonoma) STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r7 | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r3 Middleware | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r5 | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r3 | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r7 Middleware | Unix | |
| AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware | Unix | |
| F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA F5 BIG-IP Device Management 11.x STIG v2r2 | F5 | |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warn | DISA STIG Solaris 10 X86 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 SPARC v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfree | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030340 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030350 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030350 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030350 - The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached - at a minimum when the threshold for the repository maximum audit record storage capacity is reached. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA STIG Palo Alto NDM v2r2 | Palo_Alto | |
| PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | DISA STIG Palo Alto NDM v2r1 | Palo_Alto | |
| RHEL-07-030340 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030350 - The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached. | DISA Red Hat Enterprise Linux 7 STIG v3r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 9 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020030 - The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full. | DISA SLES 12 STIG v2r13 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity. | DISA STIG Solaris 11 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-033400 - SQL Server, the operating system, or the storage system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | DISA STIG SQL Server 2014 Instance DB Audit v2r3 | MS_SQLDB | |
| UBTU-16-020021 - The Ubuntu operating system must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. | DISA STIG Ubuntu 16.04 LTS v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - action_mail_acct | DISA STIG Ubuntu 18.04 LTS v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action syslog | DISA STIG Ubuntu 18.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010006 - The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity - space_left_action syslog | DISA STIG Ubuntu 18.04 LTS v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| WN08-SO-000049 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows 8/8.1 STIG v1r23 | Windows | AUDIT AND ACCOUNTABILITY |
