CCI|CCI-000139

Title

The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Vista STIG v6r41
4.1.2.10 Ensure the auditing processing failures are handled - System Administrator [SA] and Information System Security Officer [ISSO] at a minimum in the event of an audit processing failure.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002008 - AIX must be configured to generate an audit record when 75% of the audit file system is full.UnixDISA STIG AIX 7.x v2r9
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Alert Audit Processing FailureUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Alert Audit Processing FailureUnixNIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001590 - Docker Enterprise must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
F5BI-DM-000067 - The BIG-IP appliance must be configured to alert the ISSO and SA (at a minimum) in the event of an audit processing failure - at a minimum in the event of an audit processing failure.F5DISA F5 BIG-IP Device Management 11.x STIG v2r2
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_error_action'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002719 - The audit system must alert the SA in the event of an audit processing failure - '/etc/audit/auditd.conf disk_full_action'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.UnixDISA STIG Solaris 10 X86 v2r4
GEN002719 - The audit system must alert the SA in the event of an audit processing failure.UnixDISA STIG Solaris 10 SPARC v2r4
IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.WindowsDISA IIS 10.0 Site v2r9
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.WindowsDISA IIS 10.0 Server v2r10
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.WindowsDISA IIS 8.5 Site v2r9
IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled.WindowsDISA IIS 8.5 Server v2r7
Monterey - Alert Audit Processing FailureUnixNIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.UnixDISA STIG Oracle Linux 6 v2r7
OL08-00-030020 - The OL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event - at a minimum must be alerted of an audit processing failure event.UnixDISA Oracle Linux 8 STIG v1r8
PHTN-30-000014 - The Photon operating system audit log must log space limit problems to syslog.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r2
PHTN-67-000013 - The Photon operating system audit log must log space limit problems to syslog.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-06-000313 - The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-09-252060 - RHEL 9 must forward mail from postmaster to the root account using a postfix alias.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-653125 - RHEL 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-654265 - RHEL 9 must take appropriate action when a critical audit processing failure occurs.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
SLES-12-020040 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.UnixDISA SLES 12 STIG v2r12
SLES-12-020050 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.UnixDISA SLES 12 STIG v2r12
SLES-15-030570 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.UnixDISA SLES 15 STIG v1r11
SLES-15-030580 - The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failureUnixDISA SLES 15 STIG v1r11
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.UnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.UnixDISA STIG Solaris 11 X86 v2r6
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.UnixDISA STIG Solaris 11 SPARC v2r8
SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.UnixDISA STIG Solaris 11 X86 v2r8
TCAT-AS-001731 - The application server must alert the SA and ISSO, at a minimum, in the event of a log processing failure.UnixDISA STIG Apache Tomcat Application Server 9 v2r6 Middleware
TCAT-AS-001731 - The application server must alert the SA and ISSO, at a minimum, in the event of a log processing failure.UnixDISA STIG Apache Tomcat Application Server 9 v2r6
UBTU-16-020040 - The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-030700 - The Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure.UnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010300 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.UnixDISA STIG Ubuntu 18.04 LTS v2r12
UBTU-20-010117 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.UnixDISA STIG Ubuntu 20.04 LTS v1r7
UBTU-20-010117 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.UnixDISA STIG Ubuntu 20.04 LTS v1r10
VCLU-70-000028 - Lookup Service log files must be offloaded to a central log server in real time.UnixDISA STIG VMware vSphere 7.0 Lookup Service v1r2
VCTR-67-000008 - The vCenter Server must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.VMwareDISA STIG VMware vSphere 6.7 vCenter v1r4
VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - accessUnixDISA STIG VMware vSphere 6.7 UI Tomcat v1r3