Detections
Analytics

CCI|CCI-001861

Title

Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging permit-hostdownCiscoDISA STIG Cisco ASA VPN v2r1
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging queueCiscoDISA STIG Cisco ASA VPN v2r1
SPLK-CL-000180 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API
SPLK-CL-000310 - Splunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.SplunkDISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
SQL2-00-012800 - SQL Server must shutdown immediately in the event of an audit failure, unless an alternative audit capability exists.MS_SQLDBDISA STIG SQL Server 2012 DB Instance Security v1r20