CCI-001861

Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.

Implementation Guidance

Determine if [AU-05(04)_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {full system shutdown; partial system shutdown; degraded operational mode with limited mission or business functionality available}] is/are invoked in the event of [AU-05(04)_ODP[02]; audit logging failures that trigger a change in operational mode are defined], unless an alternate audit logging capability exists.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing response to audit processing failures; system design documentation; system security plan; privacy plan; system configuration settings and associated documentation; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: System capability invoking system shutdown or degraded operational mode in the event of an audit processing failure].

The controls below (if any) were marked by NIST as being related to CCI-001861.