Navigate

AU-5(4)

AU-5(4): Shutdown On Failure

The information system invokes a [] in the event of [organization-defined audit failures], unless an alternate audit capability exists.

Supplemental

Organizations determine the types of audit failures that can trigger automatic information system shutdowns or degraded operations. Because of the importance of ensuring mission/business continuity, organizations may determine that the nature of the audit failure is not so severe that it warrants a complete shutdown of the information system supporting the core organizational missions/business operations. In those instances, partial information system shutdowns or operating in a degraded mode with reduced capability may be viable alternatives.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AU-5(4).

Control	Description
AU-15	The organization provides an alternate audit capability in the event of a failure in primary audit capability that provides [organization-defined alternate audit functionality].

Enhancements

The controls below (if any) add on to the requirements of AU-5(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-5(4).

CCI	Definition
CCI-001860	Defines the audit logging failures which, should they occur, will invoke an organization-defined system mode.
CCI-001861	Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.
CCI-002907	Defines the system mode to be invoked, such as a full system shutdown, a partial system shutdown, or a degraded operational mode with limited mission or business functionality available, in the event of organization-defined audit logging failures.