Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-000139
CCI
CCI|CCI-000139
Title
Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.
Windows
DISA Windows Vista STIG v6r41
4.1.2.10 Ensure the auditing processing failures are handled - System Administrator [SA] and Information System Security Officer [ISSO] at a minimum in the event of an audit processing failure.
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002008 - AIX must be configured to generate an audit record when 75% of the audit file system is full.
Unix
DISA STIG AIX 7.x v3r1
APPL-14-001030 - The macOS system must configure audit capacity warning.
Unix
DISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-001030 - The macOS system must configure audit capacity warning.
Unix
DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
Big Sur - Alert Audit Processing Failure
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Alert Audit Processing Failure
Unix
NIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
F5BI-DM-000067 - The BIG-IP appliance must be configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
F5
DISA F5 BIG-IP Device Management STIG v2r3
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'
Unix
DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'
Unix
DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'
Unix
DISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.
Unix
DISA STIG Solaris 10 SPARC v2r4
IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.
Windows
DISA IIS 10.0 Site v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.
Windows
DISA IIS 10.0 Server v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.
Windows
DISA IIS 10.0 Server v3r2
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.
Windows
DISA IIS 8.5 Site v2r9
IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled.
Windows
DISA IIS 8.5 Server v2r7
Monterey - Alert Audit Processing Failure
Unix
NIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.
Unix
DISA STIG Oracle Linux 6 v2r7
OL08-00-030020 - The OL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
Unix
DISA Oracle Linux 8 STIG v2r2
OL08-00-030030 - The OL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.
Unix
DISA Oracle Linux 8 STIG v2r2
PHTN-30-000014 - The Photon operating system audit log must log space limit problems to syslog.
Unix
DISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-40-000021 The Photon operating system must alert the ISSO and SA in the event of an audit processing failure.
Unix
DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
PHTN-67-000013 - The Photon operating system audit log must log space limit problems to syslog.
Unix
DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-06-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.
Unix
DISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
Unix
DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.
Unix
DISA Red Hat Enterprise Linux 8 STIG v2r1
RHEL-09-252060 - RHEL 9 must forward mail from postmaster to the root account using a postfix alias.
Unix
DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
Unix
DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-653125 - RHEL 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure.
Unix
DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-654265 - RHEL 9 must take appropriate action when a critical audit processing failure occurs.
Unix
DISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-020040 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.
Unix
DISA SLES 12 STIG v3r1
SLES-12-020050 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.
Unix
DISA SLES 12 STIG v3r1
SLES-15-030570 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.
Unix
DISA SLES 15 STIG v2r2
SLES-15-030580 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.
Unix
DISA SLES 15 STIG v2r2
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.
Unix
DISA STIG Solaris 11 SPARC v3r1
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.
Unix
DISA STIG Solaris 11 X86 v3r1
TCAT-AS-001731 - The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure.
Unix
DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware
UBTU-16-020040 - The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
Unix
DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030700 - The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.
Unix
DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010300 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
Unix
DISA STIG Ubuntu 18.04 LTS v2r15
UBTU-20-010117 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
Unix
DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-653025 - Ubuntu 22.04 LTS must alert the information system security officer (ISSO) and system administrator (SA) in the event of an audit processing failure.
Unix
DISA STIG Canonical Ubuntu 22.04 LTS v2r2