>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU-5Response To Audit Processing Failures

PBMM (P2)
Secret (P2)
Technical

>Control Description

(A) The information system alerts organization-defined personnel or roles in the event of an audit processing failure; and (B) The information system takes the following additional actions: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

>Supplemental Guidance

Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations may choose to define additional actions for different audit processing failures (e.g., by type, by location, by severity, or a combination of such factors). This control applies to each audit data storage repository (i.e., distinct information system component where audit records are stored), the total audit storage capacity of organizations (i.e., all audit data storage repositories combined), or both.

Related controls: AU-4, SI-12

>Tailoring Guidance

This security control/enhancement is considered to be best practice. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.

>Profile-Specific Parameters

(B) Action [overwrite]

Ask AI

Configure your API key to use AI features.