base control objective:
supplemental objective information:
enhancements to the base objective:
(1) The information system provides a warning when allocated audit record storage volume reaches [Assignment: organization-defined percentage of maximum audit record storage capacity].
(2) The information system provides a real-time alert when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts].
(3) The information system enforces configurable traffic volume thresholds representing auditing capacity for network traffic and [Selection: rejects or delays] network traffic above those thresholds.
(4) The information system invokes a system shutdown in the event of an audit failure, unless an alternative audit capability exists.
mapping to FIPS199 baseline:
related (regimented) controls:
documents referenced in SP800-53rev3 for AU-05: