AU-05 Response To Audit Processing Failures
Control: The information system alerts appropriate organizational officials in the event of an audit processing failure and takes the following additional actions: [Assignment: organization-defined actions to be taken (e.g., shut down information system, overwrite oldest audit records, stop generating audit records)].
Supplemental Guidance: Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Related security control: AU-4.
Control Enhancements:
(1) The information system provides a warning when allocated audit record storage volume reaches [Assignment: organization-defined percentage of maximum audit record storage capacity].
(2) The information system provides a real-time alert when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts].
Baseline: LOW AU-5 MOD AU-5 HIGH AU-5 (1) (2)
Family: Audit And Accountability
Class: Technical
ISO 17799 mapping: 10.10.3
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 10.6, 12.9