Detections
Analytics

CCI|CCI-001855

Title

Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.48 APPL-14-001030UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.125 UBTU-22-653040UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III
1.175 UBTU-24-900960UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III
1.282 OL08-00-030730UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.283 OL08-00-030731UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.372 RHEL-09-653035UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.373 RHEL-09-653040UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.374 RHEL-09-653045UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.375 RHEL-09-653050UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.379 RHEL-09-653070UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold.WindowsDISA Windows Vista STIG v6r41
4.1.2.4 Ensure system notification is sent out when volume is 75% full - SA and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum via email when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.5 Ensure system is disabled when audit logs are full - at a minimum when the threshold for the repository maximum audit record storage capacity is reached.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
ALMA-09-053260 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-053370 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-053480 - AlmaLinux OS 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
ALMA-09-053590 - AlmaLinux OS 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent usage.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r3
APPL-14-001030 - The macOS system must configure audit capacity warning.UnixDISA Apple macOS 14 (Sonoma) STIG v2r3
APPL-15-001030 - The macOS system must configure audit capacity warning.UnixDISA Apple macOS 15 (Sequoia) STIG v1r4
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v3r2
AS24-U1-000160 - The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.UnixDISA STIG Apache Server 2.4 Unix Server v3r2 Middleware
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Capacity WarningUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Capacity WarningUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
CD12-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DKER-EE-003330 - Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4
EPAS-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.PostgreSQLDBEnterpriseDB PostgreSQL Advanced Server DB v2r1
F5BI-DM-000193 - The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.F5DISA F5 BIG-IP Device Management STIG v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'action_mail_account'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - 'space_left_action'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 X86 v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - audit_warnUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 SPARC v2r4
GEN002730 - The audit system must alert the SA when the audit storage volume approaches its capacity - minfreeUnixDISA STIG Solaris 10 X86 v2r4
MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA MariaDB Enterprise 10.x v2r3 DB
MD3X-00-000630 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-005000 - MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD7X-00-007300 MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.UnixDISA MongoDB Enterprise Advanced 7.x STIG v1r1
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure Audit Capacity WarningUnixNIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-009800 - The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.MySQLDBDISA Oracle MySQL 8.0 v2r2 DB
O112-C2-008200 - The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.OracleDBDISA STIG Oracle 11.2g v2r5 Database