800-53|AU-4

Title

AUDIT STORAGE CAPACITY

Description

The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

Supplemental

Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-11,AU-2,AU-5,AU-6,AU-7,SI-4

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.1.1.1 Ensure audit log storage size is configured	Unix	CIS Amazon Linux v2.0.0 L2
1.1.1.2.1.15 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.2.1.15 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.3.2 Set 'Maximum application log size' to '16384'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.3.2 Set 'Maximum application log size' to '16384'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.3.4 Set 'Maximum system log size' to '16384'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.3.4 Set 'Maximum system log size' to '16384'	Windows	CIS Windows 2003 MS v3.1.0
1.1.1.3.5 Set 'Maximum security log size' to '81920'	Windows	CIS Windows 2003 DC v3.1.0
1.1.1.3.5 Set 'Maximum security log size' to '81920'	Windows	CIS Windows 2003 MS v3.1.0
1.1.10 Ensure separate partition exists for /var/log	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0
1.1.10 Ensure separate partition exists for /var/log	Unix	CIS Debian 8 Server L2 v2.0.2
1.1.10 Ensure separate partition exists for /var/log	Unix	CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0
1.1.10 Ensure separate partition exists for /var/log	Unix	CIS Debian 8 Workstation L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Distribution Independent Linux Server L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Amazon Linux v2.1.0 L2
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS CentOS 6 Server L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Oracle Linux 6 Server L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Workstation 11 L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Debian Family Server L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Debian 9 Server L2 v1.0.1
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Aliyun Linux 2 L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS CentOS 6 Workstation L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Server 11 L2 v2.1.1
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Debian 9 Workstation L2 v1.0.1
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Oracle Linux 6 Workstation L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	Huawei EulerOS 2 Server L2 v1.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Server 12 L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Debian Family Workstation L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Amazon Linux v2.0.0 L2
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Amazon Linux 2 v1.0.0 L2
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Server 11 L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Red Hat 6 Server L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS Red Hat 6 Workstation L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log	Unix	Huawei EulerOS 2 Workstation L2 v1.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 8 Server L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 8 Workstation L2 v2.0.2
1.1.12 Ensure separate partition exists for /var/log	Unix	CIS Amazon Linux 2 STIG v1.0.0 L2
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 9 Workstation L2 v1.0.1
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Amazon Linux v2.0.0 L2
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS CentOS 6 Workstation L2 v3.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat 6 Workstation L2 v3.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian Family Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Distribution Independent Linux Workstation L2 v2.0.0

Detections

Analytics