Detections
Analytics

800-53|AU-4

Title

AUDIT STORAGE CAPACITY

Description

The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

Supplemental

Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.

Reference Item Details

Related: AU-11,AU-2,AU-5,AU-6,AU-7,SI-4

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.9.4 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '<= 0.9'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 Ensure separate partition exists for /var/logUnixCIS Debian 8 Server L2 v2.0.2
1.1.10 Ensure separate partition exists for /var/logUnixCIS Debian 8 Workstation L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/logUnixCIS CentOS 6 Server L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Amazon Linux v2.1.0 L2
1.1.11 Ensure separate partition exists for /var/logUnixCIS Oracle Linux 6 Server L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Debian Family Server L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS CentOS 6 Workstation L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1
1.1.11 Ensure separate partition exists for /var/logUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.1
1.1.11 Ensure separate partition exists for /var/logUnixCIS Oracle Linux 6 Workstation L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Debian Family Workstation L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Red Hat 6 Workstation L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS Red Hat 6 Server L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Debian 8 Server L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Debian 8 Workstation L2 v2.0.2
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS 6 Workstation L2 v3.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat 6 Workstation L2 v3.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Amazon Linux v2.1.0 L2
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Debian Family Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS 6 Server L2 v3.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Debian Family Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.1
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 6 Server L2 v2.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 6 Workstation L2 v2.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat 6 Server L2 v3.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Fedora 19 Family Linux Server L2 v1.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Fedora 19 Family Linux Workstation L2 v1.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.15 Ensure separate partition exists for /var/logUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.15 Ensure separate partition exists for /var/logUnixCIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0
1.1.15 Ensure that the --audit-log-maxage argument is set to 30 or as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Fedora 19 Family Linux Server L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Fedora 19 Family Linux Workstation L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.16 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.18 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1