AU-5: Response To Audit Processing Failures


2019-04-12 13:01:48.067729




The information system:

Code Description
AU-5a. Alerts [Assignment: organization-defined personnel or roles] in the event of an audit processing failure; and
AU-5b. Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].


STIG # Description Result
V-72893 PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. skipped
V-73023 The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. skipped

Additional Guidance

Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations may choose to define additional actions for different audit processing failures (e.g., by type, by location, by severity, or a combination of such factors). This control applies to each audit data storage repository (i.e., distinct information system component where audit records are stored), the total audit storage capacity of organizations (i.e., all audit data storage repositories combined), or both.