Detections
Analytics

CCI|CCI-001861

Title

Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging permit-hostdownCiscoDISA STIG Cisco ASA VPN v1r2
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging permit-hostdownCiscoDISA STIG Cisco ASA VPN v1r3
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging permit-hostdownCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging queueCiscoDISA STIG Cisco ASA VPN v1r3
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging queueCiscoDISA STIG Cisco ASA VPN v1r1
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging queueCiscoDISA STIG Cisco ASA VPN v1r2
SPLK-CL-000180 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 8.x for Linux v1r5 STIG REST API
SPLK-CL-000180 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 8.x for Linux v1r3 STIG REST API
SPLK-CL-000180 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 8.x for Linux v1r4 STIG REST API
SPLK-CL-000310 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 7.x for Windows v2r4 REST API
SPLK-CL-000310 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 7.x for Windows v2r3 REST API
SQL2-00-012800 - SQL Server must shutdown immediately in the event of an audit failure, unless an alternative audit capability exists.MS_SQLDBDISA STIG SQL Server 2012 DB Instance Security v1r20
WN11-00-000260 - The Windows 11 time service must synchronize with an appropriate DoD time source.WindowsDISA Windows 11 STIG v1r1