800-53|AU-5b.

Title

RESPONSE TO AUDIT PROCESSING FAILURES

Description

Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
4.6 Ensure audit system action is defined for sending errors | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
4.9 Ensure action is taken when audisp-remote buffer is full | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
AOSX-13-001355 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 11 v1r5
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 11 v1r8
APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 12 v1r9
APPL-13-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 13 v1r4
APPL-14-001010 - The macOS system must configure system to shut down upon audit failure. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001031 - The macOS system must configure audit failure notification. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-001010 - The macOS system must be configured to shut down upon audit failure. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001031 - The macOS system must configure audit failure notification. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Buffer Enabled | Cisco | DISA STIG Cisco ASA FW v2r1
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Queue | Cisco | DISA STIG Cisco ASA FW v2r1
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-002800 - PostgreSQL must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records. | PostgreSQLDB | DISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-002900 - PostgreSQL must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | PostgreSQLDB | DISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity. | IBM_DB2DB | DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1
EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | Windows | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EP11-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | Windows | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-002300 - The EDB Postgres Advanced Server must, by default, shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | Unix | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
EPAS-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records. | Unix | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - disk status|diskfull | FortiGate | DISA Fortigate Firewall STIG v1r3
FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - fortianalyzer|syslogd server | FortiGate | DISA Fortigate Firewall STIG v1r3