Detections
Analytics

800-53|AU-5b.

Title

RESPONSE TO AUDIT PROCESSING FAILURES

Description

Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.35 APPL-14-001010UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.49 APPL-14-001031UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.123 UBTU-22-653030UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.209 OL08-00-030040UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.210 OL08-00-030060UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.369 RHEL-09-653020UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.370 RHEL-09-653025UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.376 RHEL-09-653055UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.443 RHEL-09-654265UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS AlmaLinux OS 10 v1.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Rocky Linux 10 v1.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 10 v1.0.1 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS AlmaLinux OS 10 v1.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Oracle Linux 10 v1.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Oracle Linux 8 v4.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS AlmaLinux OS 8 v4.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Oracle Linux 8 v4.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 8 v4.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 10 v1.0.1 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Red Hat Enterprise Linux 8 v4.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Oracle Linux 10 v1.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Rocky Linux 10 v1.0.0 L2 Server
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Rocky Linux 8 v3.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS AlmaLinux OS 8 v4.0.0 L2 Workstation
6.3.2.3 Ensure system is disabled when audit logs are fullUnixCIS Rocky Linux 8 v3.0.0 L2 Server
ALMA-09-054030 - AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054140 - AlmaLinux OS 9 audit system must take appropriate action when the audit storage volume is full.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054250 - AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054360 - AlmaLinux OS 9 audit system must make full use of the audit storage space.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054470 - AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054580 - AlmaLinux OS 9 audit system must retain an optimal number of audit records.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
AOSX-13-001355 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r5
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r8
APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 12 v1r9
APPL-13-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 13 v1r5
APPL-14-001010 - The macOS system must configure system to shut down upon audit failure.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-001031 - The macOS system must configure audit failure notification.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001010 - The macOS system must be configured to shut down upon audit failure.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-001031 - The macOS system must configure audit failure notification.UnixDISA Apple macOS 15 Sequoia STIG v1r5
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate