CCI|CCI-000139

Title

Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.	Windows	DISA Windows Vista STIG v6r41
4.1.2.10 Ensure the auditing processing failures are handled - System Administrator [SA] and Information System Security Officer [ISSO] at a minimum in the event of an audit processing failure.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002008 - AIX must be configured to generate an audit record when 75% of the audit file system is full.	Unix	DISA STIG AIX 7.x v2r9
APPL-14-001030 - The macOS system must configure audit capacity warning.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-001030 - The macOS system must configure audit capacity warning.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
Big Sur - Alert Audit Processing Failure	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Alert Audit Processing Failure	Unix	NIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
F5BI-DM-000067 - The BIG-IP appliance must be configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure.	F5	DISA F5 BIG-IP Device Management STIG v2r3
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.	Unix	DISA STIG Solaris 10 SPARC v2r4
IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.	Windows	DISA IIS 10.0 Site v2r9
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v3r1
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.	Windows	DISA IIS 8.5 Site v2r9
IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled.	Windows	DISA IIS 8.5 Server v2r7
Monterey - Alert Audit Processing Failure	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.	Unix	DISA STIG Oracle Linux 6 v2r7
OL08-00-030020 - The OL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.	Unix	DISA Oracle Linux 8 STIG v2r1
OL08-00-030030 - The OL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.	Unix	DISA Oracle Linux 8 STIG v2r1
PHTN-30-000014 - The Photon operating system audit log must log space limit problems to syslog.	Unix	DISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-40-000021 The Photon operating system must alert the ISSO and SA in the event of an audit processing failure.	Unix	DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
PHTN-67-000013 - The Photon operating system audit log must log space limit problems to syslog.	Unix	DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-06-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.	Unix	DISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.	Unix	DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.	Unix	DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-09-252060 - RHEL 9 must forward mail from postmaster to the root account using a postfix alias.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-653125 - RHEL 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-654265 - RHEL 9 must take appropriate action when a critical audit processing failure occurs.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-020040 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.	Unix	DISA SLES 12 STIG v2r13
SLES-12-020050 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.	Unix	DISA SLES 12 STIG v2r13
SLES-15-030570 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.	Unix	DISA SLES 15 STIG v2r1
SLES-15-030580 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.	Unix	DISA SLES 15 STIG v2r1
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.	Unix	DISA STIG Solaris 11 SPARC v3r1
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.	Unix	DISA STIG Solaris 11 X86 v3r1
TCAT-AS-001731 - The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure.	Unix	DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware
UBTU-16-020040 - The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030700 - The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010300 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.	Unix	DISA STIG Ubuntu 18.04 LTS v2r15
UBTU-20-010117 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.	Unix	DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-653025 - Ubuntu 22.04 LTS must alert the information system security officer (ISSO) and system administrator (SA) in the event of an audit processing failure.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v2r2

Detections

Analytics

CCI|CCI-000139

Title

Reference Item Details

Audit Items