AU — AUDIT AND ACCOUNTABILITY
AU-4: AUDIT STORAGE CAPACITY
-
NIST 800-53R4 Membership AU-4:
- LOW
- MODERATE
- HIGH
The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].
SUPPLEMENTAL GUIDANCE
Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.
RELATED CONTROLS: AU-4
CONTROL ENHANCEMENTS
AU-4 (1) AUDIT STORAGE CAPACITY | TRANSFER TO ALTERNATE STORAGE
The information system off-loads audit records [Assignment: organization-defined frequency] onto a different system or media than the system being audited.
Supplemental Guidance:
Off-loading is a process designed to preserve the confidentiality and integrity of audit records by moving the records from the primary information system to a secondary or alternate system. It is a common process in information systems with limited audit storage capacity; the audit storage is used only in a transitory fashion until the system can communicate with the secondary or alternate system designated for storing the audit records, at which point the information is transferred.
REFERENCES:
- NO REFERENCES