AU-5: Response to Audit Logging Process Failures
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 05/08/2024
- Information resource owners or their designees, including the owner of the centralized logging system, are responsible for:
  - Specifying appropriate monitoring for logging failures for the systems under their authority;
  - Defining audit alert thresholds for the systems under their authority; and
  - Designating appropriate contacts to receive alerts for the systems under their authority.
- The information resource custodian is responsible for ensuring that information resources are configured to:
  - Automate alerts in the event of an audit failure; and
  - Automate alerts once the maximum storage capacity for audit logs is reached.
- The information resource shall overwrite the oldest audit records or automatically shut down to eliminate the chance of an incident occurring without auditing and accountability.
References/Additional Resources
None. See any applicable internal procedures.