
AU-5

Audit and Accountability | Rev 5 | system

Response to Audit Logging Process Failures

Baselines: Low, Moderate, High

Control Statement

a. Alert [Assignment: personnel or roles] within [Assignment: time period] in the event of an audit logging process failure; and

b. Take the following additional actions: [Assignment: additional actions].

Supplemental Guidance

Audit logging process failures include software and hardware errors, failures in audit log capturing mechanisms, and reaching or exceeding audit log storage capacity. Organization-defined actions include overwriting oldest audit records, shutting down the system, and stopping the generation of audit records. Organizations may choose to define additional actions for audit logging process failures based on the type of failure, the location of the failure, the severity of the failure, or a combination of such factors. When the audit logging process failure is related to storage, the response is carried out for the audit log storage repository (i.e., the distinct system component where the audit logs are stored), the system on which the audit logs reside, the total audit log storage capacity of the organization (i.e., all audit log storage repositories combined), or all three. Organizations may decide to take no additional actions after alerting designated roles or personnel.

Related Controls (9)

AU-2, AU-4, AU-7, AU-9, AU-11, AU-12, AU-14, SI-4, SI-12

CCI Identifiers (5)

CCI-000139: Alert organization-defined personnel or roles within an organization-defined time period in the event of an audit logging process failure.

CCI-000140: Take organization-defined actions upon audit failure, including shutting down the system, overwriting oldest audit records, and stopping the generation of audit records.

CCI-001572: Defines the personnel or roles to be alerted in the event of an audit logging process failure.

CCI-001490: Defines the actions to be taken by the system upon audit failure, including shutting down the system, overwriting oldest audit records, and stopping the generation of audit records.

CCI-003814: Defines the time period for the alert in the event of an audit process failure.

Linked STIG Checks (200)

Across 118 STIGs.