National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

AU-4 AUDIT STORAGE CAPACITY

Family:
AU - AUDIT AND ACCOUNTABILITY
Class:
Priority:
P1 - Implement P1 security controls first.
Baseline Allocation:
Low Moderate High
AU-4 AU-4 AU-4

Control Description

The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

Supplemental Guidance

Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.

Related to: AU-2AU-5AU-6AU-7AU-11SI-4

Control Enhancements

AU-4(1) AUDIT STORAGE CAPACITY | TRANSFER TO ALTERNATE STORAGE
The information system off-loads audit records [Assignment: organization-defined frequency] onto a different system or media than the system being audited.
Supplemental Guidance: Off-loading is a process designed to preserve the confidentiality and integrity of audit records by moving the records from the primary information system to a secondary or alternate system. It is a common process in information systems with limited audit storage capacity; the audit storage is used only in a transitory fashion until the system can communicate with the secondary or alternate system designated for storing the audit records, at which point the information is transferred.

References

None.