catalog: SP800-53rev3 / class: Technical / family: (AU) Audit and Accountability

  AU-05: Response to Audit Processing Failures  

base control objective:
The information system:
a. Alerts designated organizational officials in the event of an audit processing failure; and
b. Takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].

supplemental objective information:
Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.

enhancements to the base objective:

(1) The information system provides a warning when allocated audit record storage volume reaches [Assignment: organization-defined percentage of maximum audit record storage capacity].

(2) The information system provides a real-time alert when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts].

(3) The information system enforces configurable traffic volume thresholds representing auditing capacity for network traffic and [Selection: rejects or delays] network traffic above those thresholds.

(4) The information system invokes a system shutdown in the event of an audit failure, unless an alternative audit capability exists.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base (1) (2)  

related (regimented) controls:

AU-04   Audit Storage Capacity

documents referenced in SP800-53rev3 for AU-05:

Document | Date | Status | Title
NIST SP800-83 | September, 2006 | current | Guide to Malware Incident Prevention and Handling
NIST SP800-92 | September, 2006 | current | Guide to Computer Security Log Management
