STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← AU-5 (4) — Shutdown on Failure

CCI-001861

Definition

Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.

Parent Control

AU-5 (4)Shutdown on FailureAudit and Accountability

Linked STIG Checks (4)

V-239947CAT IIThe Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable.Cisco ASA VPN Security Technical Implementation GuideV-242596CAT IIThe Cisco ISE must be configured with a secondary log server in case the primary log is unreachable. This is required for compliance with C2C Step 1.Cisco ISE NAC Security Technical Implementation GuideV-221627CAT IIISplunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.Splunk Enterprise 7.x for Windows Security Technical Implementation GuideV-251671CAT IIISplunk Enterprise must notify the System Administrator (SA) or Information System Security Officer (ISSO) if communication with the host and devices within its scope of coverage is lost.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide