AU-04-727 Audit Storage Capacity

Audit Storage Capacity

AU-04-727
Audit Storage Capacity
Audit and Accountability
Protect
Media, Security Monitoring and Event Analysis
LOW, MOD, HIGH
P1
Yes
August 18, 2016

Information resource custodians shall ensure sufficient storage space is allocated to maintain audit records for the required duration.

Logging facilities and log information is compromised and tampered with due to inadequate data protection mechanisms.
The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].
Data storage space is available to accommodate audit records.
The state organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.
Obtain audit and accountability policy; procedures addressing audit storage capacity; information system design documentation; organization-defined audit record storage capacity for information system components that store audit records; list of organization-defined auditable events; information system configuration settings and associated documentation; information system audit records; other relevant documents or records and ascertain if (I)the organization allocates sufficient audit record storage capacity; and (ii)the organization configures auditing to reduce the likelihood of audit record storage capacity being exceeded.