An error occurred:

Check: SRG-OS-000343-GPOS-00134

General Purpose Operating System SRG: SRG-OS-000343-GPOS-00134 (in versions v2 r7 through v1 r4)

Title

The operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. (Cat III impact)

Discussion

If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.

Check Content

Verify the operating system immediately notifies the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity. If it does not, this is a finding.

Fix Text

Configure the operating system to immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.

Additional Identifiers

Rule ID: SV-203702r877389_rule

Vulnerability ID: V-203702

Group Title: SRG-OS-000343

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001855

The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-5 (1)

Audit Storage Capacity