An error occurred:

Check: SRG-OS-000343-VMM-001240

Virtual Machine Manager SRG: SRG-OS-000343-VMM-001240 (in versions v2 r2 through v1 r3)

Title

The VMM must provide an immediate warning to the SA and ISSO, at a minimum, when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. (Cat II impact)

Discussion

If security personnel are not notified immediately when storage volume reaches 75%, they are unable to plan for audit record storage capacity expansion.

Check Content

Verify the VMM provides an immediate warning to the SA and ISSO, at a minimum, when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. If it does not, this is a finding.

Fix Text

Configure the VMM to provide an immediate warning to the SA and ISSO, at a minimum, when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.

Additional Identifiers

Rule ID: SV-207454r971542_rule

Vulnerability ID: V-207454

Group Title: SRG-OS-000343

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001855

Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-5(1)

Audit Storage Capacity