CCI|CCI-001855

Title

The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Vista STIG v6r41
4.1.2.4 Ensure system notification is sent out when volume is 75% full - SA and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management 11.x STIG v2r2
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 X86 v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 X86 v2r4
MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA MariaDB Enterprise 10.x v1r2 DB
MD3X-00-000630 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r2 OS
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-009800 - The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA Oracle MySQL 8.0 v1r4 DB
O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.OracleDBDISA STIG Oracle 11.2g v2r3 Database
O121-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.OracleDBDISA STIG Oracle 12c v2r8 Database
OL6-00-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000311 - The audit system must provide a warning when allocated audit record storage volume reaches a documented percentage of maximum audit record storage capacity.UnixDISA STIG Oracle Linux 6 v2r7
OL08-00-030730 - OL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA Oracle Linux 8 STIG v1r8
PANW-NM-000096 - The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.Palo_AltoDISA STIG Palo Alto NDM v2r2
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - alertUnixDISA STIG PostgreSQL 9.x on RHEL OS v2r3
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacityUnixDISA STIG PostgreSQL 9.x on RHEL OS v2r3
PHTN-30-000057 - The Photon operating system must configure auditd to log space limit problems to syslog.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r2
PHTN-67-000060 - The Photon operating system must configure auditd to log space limit problems to syslog.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
PPS9-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixEDB PostgreSQL Advanced Server OS Linux Audit v2r2
RHEL-06-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-06-000163 - The audit system must switch the system to single-user mode when available audit storage volume becomes dangerously low.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-06-000311 - The audit system must provide a warning when allocated audit record storage volume reaches a documented percentage of maximum audit record storage capacity.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-08-030731 - RHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-09-653035 - RHEL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-653040 - RHEL 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-653045 - RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1
RHEL-09-653050 - RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.UnixDISA Red Hat Enterprise Linux 9 STIG v1r1