Detections
Analytics

CCI|CCI-000140

Title

Take organization-defined actions upon audit failure include, shutting down the system, overwriting oldest audit records, and stopping the generation of audit records.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
ALMA-09-054030 - AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-054140 - AlmaLinux OS 9 audit system must take appropriate action when the audit storage volume is full.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-054250 - AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-054360 - AlmaLinux OS 9 audit system must make full use of the audit storage space.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-054470 - AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-054580 - AlmaLinux OS 9 audit system must retain an optimal number of audit records.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
AOSX-13-001355 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r5
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r8
APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 12 v1r9
APPL-13-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 13 v1r5
APPL-14-001010 The macOS system must configure system to shut down upon audit failure.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-14-001031 The macOS system must configure audit failure notification.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001010 - The macOS system must be configured to shut down upon audit failure.UnixDISA Apple macOS 15 (Sequoia) STIG v1r2
APPL-15-001031 - The macOS system must configure audit failure notification.UnixDISA Apple macOS 15 (Sequoia) STIG v1r2
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Buffer EnabledCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - QueueCiscoDISA STIG Cisco ASA FW v2r1
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-002800 - PostgreSQL must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
CD12-00-002900 - PostgreSQL must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EP11-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4