Navigate

AU-5(4)

AU-5(4): Shutdown on Failure

Invoke a [one or more of "full system shutdown"/"partial system shutdown"/"degraded operational mode with limited mission or business functionality available"] in the event of [audit logging failures that trigger a change in operational mode are defined;] , unless an alternate audit logging capability exists.

Supplemental

Organizations determine the types of audit logging failures that can trigger automatic system shutdowns or degraded operations. Because of the importance of ensuring mission and business continuity, organizations may determine that the nature of the audit logging failure is not so severe that it warrants a complete shutdown of the system supporting the core organizational mission and business functions. In those instances, partial system shutdowns or operating in a degraded mode with reduced capability may be viable alternatives.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
CDS - Access, CDS - Multilevel, CDS - Transfer

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AU-5(4).

Control	Description
AU-15

Enhancements

The controls below (if any) add on to the requirements of AU-5(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-5(4).

CCI	Definition
CCI-001860	Defines the audit logging failures which, should they occur, will invoke an organization-defined system mode.
CCI-001861	Invoke a full system shutdown, partial system shutdown, or degraded operational mode with limited mission or business functionality available in the event of organization-defined audit logging failures, unless an alternate audit logging capability exists.
CCI-002907	Defines the system mode to be invoked, such as a full system shutdown, a partial system shutdown, or a degraded operational mode with limited mission or business functionality available, in the event of organization-defined audit logging failures.