CCI|CCI-000140

Title

The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AOSX-13-001355 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r5
APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern).UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - Buffer EnabledCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000090 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - QueueCiscoDISA STIG Cisco ASA FW v1r2
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Catalina v1.5.0 - All Profiles
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM036 - McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM140 - McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. - dwMaxLogSizeMBWindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
EP11-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
EP11-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - disk status|diskfullFortiGateDISA Fortigate Firewall STIG v1r1
FNFG-FW-000045 - In the event that communication with the central audit server is lost, the FortiGate firewall must continue to queue traffic log records locally. - fortianalyzer|syslogd serverFortiGateDISA Fortigate Firewall STIG v1r1
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure System to Shut Down Upon Audit FailureUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
OL08-00-030040 - The OL 8 System must take appropriate action when an audit processing failure occurs.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-030060 - The OL 8 audit system must take appropriate action when the audit storage volume is full.UnixDISA Oracle Linux 8 STIG v1r2