800-53|AU-4(1)

Title

TRANSFER TO ALTERNATE STORAGE

Description

The information system off-loads audit records [Assignment: organization-defined frequency] onto a different system or media than the system being audited.

Supplemental

Off-loading is a process designed to preserve the confidentiality and integrity of audit records by moving the records from the primary information system to a secondary or alternate system. It is a common process in information systems with limited audit storage capacity; the audit storage is used only in a transitory fashion until the system can communicate with the secondary or alternate system designated for storing the audit records, at which point the information is transferred.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT STORAGE CAPACITY

Family: AUDIT AND ACCOUNTABILITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.15 UBTU-24-100450	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.57 WN16-AU-000010	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.57 WN16-AU-000010	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.57 WN19-AU-000010	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.57 WN19-AU-000010	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.57 WN22-AU-000010	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.57 WN22-AU-000010	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.58 WN16-AU-000020	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.58 WN16-AU-000020	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.58 WN19-AU-000020	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.58 WN19-AU-000020	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.58 WN22-AU-000020	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.58 WN22-AU-000020	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.116 UBTU-22-651035	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.121 UBTU-22-653020	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.174 UBTU-24-900950	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.212 OL08-00-030062	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.278 OL08-00-030690	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.279 OL08-00-030700	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.280 OL08-00-030710	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.281 OL08-00-030720	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.357 RHEL-09-652010	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.362 RHEL-09-652040	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.363 RHEL-09-652045	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.364 RHEL-09-652050	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.365 RHEL-09-652055	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.371 RHEL-09-653030	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.377 RHEL-09-653060	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.378 RHEL-09-653065	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.391 RHEL-09-653130	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
4.1.2.3 Ensure audit system is set to single when the disk is full.	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.3 Ensure audit system is set to single when the disk is full.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errors	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errors	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - direction	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - path	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - type	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs.	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is full	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is full	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.	Unix	CIS Amazon Linux 2 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.10 init.ora - 'Establish redundant physically separate locations for redo log files.'	Unix	CIS v1.1.0 Oracle 11g OS L1
4.10 init.ora - 'Establish redundant physically separate locations for redo log files.'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
4.11 init.ora - 'Specify redo logging must be successful.'	Windows	CIS v1.1.0 Oracle 11g OS Windows Level 1
6.2.2.13 Ensure the the operating system authenticates the remote logging server for off-loading audit logs	Unix	CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG

Detections

Analytics