800-53|AU-4(1)

Title

TRANSFER TO ALTERNATE STORAGE

Description

The information system off-loads audit records [Assignment: organization-defined frequency] onto a different system or media than the system being audited.

Supplemental

Off-loading is a process designed to preserve the confidentiality and integrity of audit records by moving the records from the primary information system to a secondary or alternate system. It is a common process in information systems with limited audit storage capacity; the audit storage is used only in a transitory fashion until the system can communicate with the secondary or alternate system designated for storing the audit records, at which point the information is transferred.

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT STORAGE CAPACITY

Family: AUDIT AND ACCOUNTABILITY

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.15 UBTU-24-100450 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III |
| 1.57 WN16-AU-000010 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II |
| 1.57 WN16-AU-000010 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II |
| 1.57 WN19-AU-000010 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II |
| 1.57 WN19-AU-000010 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II |
| 1.57 WN22-AU-000010 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II |
| 1.57 WN22-AU-000010 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II |
| 1.58 WN16-AU-000020 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II |
| 1.58 WN16-AU-000020 | Windows | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II |
| 1.58 WN19-AU-000020 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II |
| 1.58 WN19-AU-000020 | Windows | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II |
| 1.58 WN22-AU-000020 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II |
| 1.58 WN22-AU-000020 | Windows | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II |
| 1.116 UBTU-22-651035 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III |
| 1.121 UBTU-22-653020 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III |
| 1.174 UBTU-24-900950 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III |
| 1.212 OL08-00-030062 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.278 OL08-00-030690 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.279 OL08-00-030700 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.280 OL08-00-030710 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.281 OL08-00-030720 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.357 RHEL-09-652010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.362 RHEL-09-652040 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.363 RHEL-09-652045 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.364 RHEL-09-652050 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.365 RHEL-09-652055 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.371 RHEL-09-653030 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.377 RHEL-09-653060 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.378 RHEL-09-653065 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 1.391 RHEL-09-653130 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.6 Ensure audit system action is defined for sending errors | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.8 Ensure audit logs are stored on a different system. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - direction | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - path | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - type | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | Unix | CIS v1.1.0 Oracle 11g OS L1 |
| 4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | Windows | CIS v1.1.0 Oracle 11g OS Windows Level 1 |
| 4.11 init.ora - 'Specify redo logging must be successful.' | Windows | CIS v1.1.0 Oracle 11g OS Windows Level 1 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full. | Unix | DISA STIG AIX 7.x v3r1 |
| AIX7-00-002131 - AIX must implement a remote syslog server that is documented using site-defined procedures. | Unix | DISA STIG AIX 7.x v3r1 |
| ALMA-09-052160 - AlmaLinux OS 9 audispd-plugins package must be installed. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |
| ALMA-09-052270 - AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |
| ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |
| ALMA-09-052490 - AlmaLinux OS 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |
| ALMA-09-052600 - AlmaLinux OS 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |
| ALMA-09-052710 - AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 |