800-53|AU-5b.

Title

RESPONSE TO AUDIT PROCESSING FAILURES

Description

Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 4.6 Ensure audit system action is defined for sending errors | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 4.9 Ensure action is taken when audisp-remote buffer is full | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| AOSX-13-001355 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.13 v2r5 |
| AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.14 v2r6 |
| AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple Mac OSX 10.15 v1r10 |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 11 v1r5 |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 11 v1r8 |
| APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 12 v1r8 |
| APPL-13-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | Unix | DISA STIG Apple macOS 13 v1r3 |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-171 |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low |
| Big Sur - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Buffer Enabled | Cisco | DISA STIG Cisco ASA FW v1r4 |
| CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Queue | Cisco | DISA STIG Cisco ASA FW v1r4 |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253 |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-171 |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High |
| Catalina - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High |
| DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity. | IBM_DB2DB | DISA STIG IBM DB2 v10.5 LUW v2r1 Database |
| DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 |
| DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 |
| DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 |
| DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 |
| DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 |
| DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 |
| DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - bLimitSize | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 |
| DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - dwMaxLogSizeMB | Windows | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 |
| EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | Windows | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3 |
| EP11-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | Windows | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3 |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - disk status\|diskfull | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - fortianalyzer\|syslogd server | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| JUSX-AG-000063 - In the event that communications with the Syslog server is lost, the Juniper SRX Services Gateway must continue to queue traffic log records locally. | Juniper | DISA Juniper SRX Services Gateway ALG v2r1 |
| JUSX-DM-000021 - The Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when accounts are disabled. | Juniper | DISA Juniper SRX Services Gateway NDM v2r1 |
| MADB-10-001700 - MariaDB must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | MySQLDB | DISA MariaDB Enterprise 10.x v1r3 DB |
| MADB-10-001800 - MariaDB must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | MySQLDB | DISA MariaDB Enterprise 10.x v1r3 DB |
| MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r2 OS |
| MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r3 OS |
| Monterey - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate |
| Monterey - Configure System to Shut Down Upon Audit Failure | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Low |