Capacity
CCI-001855
Provide a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit log storage volume reaches an organization-defined percentage of repository maximum audit log storage capacity.
27
Rule
Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
30
Rule
Severity: Medium
Configure auditd admin_space_left Action on Low Disk Space
30
Rule
Severity: Medium
Configure auditd space_left Action on Low Disk Space
13
Rule
Severity: Medium
Configure auditd admin_space_left on Low Disk Space
27
Rule
Severity: Medium
Configure auditd space_left on Low Disk Space
2
Rule
Severity: Medium
The Apache web server must use a logging mechanism that is configured to provide a warning to the Information System Security Officer (ISSO) and System Administrator (SA) when allocated record storage volume reaches 75 percent of maximum log record storage capacity.
2
Rule
Severity: Medium
The application server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.
2
Rule
Severity: Medium
The application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
2
Rule
Severity: Low
The Central Log Server must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.
1
Rule
Severity: Medium
Log aggregation/SIEM systems must be configured to alarm when audit storage space for Docker Engine - Enterprise nodes exceed 75% usage.
1
Rule
Severity: Medium
The HP FlexFabric Switch must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Low
The DataPower Gateway must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Medium
The MQ Appliance messaging server must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75% of maximum log record storage capacity.
1
Rule
Severity: Medium
DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
1
Rule
Severity: Medium
The MQ Appliance network device must generate an immediate alert when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Mainframe Product must provide an immediate warning to the system programmer and security administrator (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
Azure SQL Database must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
1
Rule
Severity: Medium
SQL Server, the operating system, or the storage system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
1
Rule
Severity: Medium
Nutanix AOS must provide an immediate warning to the SA and ISSO, at a minimum, when allocated log record storage volume reaches 75 percent of maximum log record storage capacity.
2
Rule
Severity: Medium
Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.
2
Rule
Severity: Low
Splunk Enterprise must be configured to send an immediate alert to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.
1
Rule
Severity: Medium
Tanium must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Tanium application must provide an immediate warning to the system administrator and information system security officer (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Medium
The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Tanium application must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Tanium operating system (TanOS) must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
1
Rule
Severity: Medium
The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
3
Rule
Severity: Low
The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
3
Rule
Severity: Medium
The macOS system must configure audit capacity warning.
3
Rule
Severity: Low
The Ubuntu operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
2
Rule
Severity: Medium
The container platform must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
2
Rule
Severity: Medium
The DBMS must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
2
Rule
Severity: Low
The operating system must immediately notify the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
4
Rule
Severity: Medium
IBM z/OS BUFUSEWARN in the SMFPRMxx must be properly set.
2
Rule
Severity: Medium
MarkLogic Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
2
Rule
Severity: Medium
MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
1
Rule
Severity: Medium
MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
2
Rule
Severity: Medium
MongoDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
2
Rule
Severity: Medium
SQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
3
Rule
Severity: Medium
The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.
2
Rule
Severity: Medium
The Oracle Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer (ISSO), at a minimum, when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached.
2
Rule
Severity: Medium
The Oracle Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached.
2
Rule
Severity: Medium
OL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
OL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
2
Rule
Severity: Low
The Palo Alto Networks security platform must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Medium
The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
2
Rule
Severity: Medium
Redis Enterprise DBMS must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repository maximum audit record storage capacity.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) via email when the threshold for the repository maximum audit record storage capacity is reached.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must immediately notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when the threshold for the repository maximum audit record storage capacity is reached.
2
Rule
Severity: Medium
RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
RHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.
4
Rule
Severity: Medium
The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.
2
Rule
Severity: Medium
RHEL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
RHEL 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.
2
Rule
Severity: Medium
RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.
2
Rule
Severity: Medium
RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
4
Rule
Severity: Medium
The audit system must alert the SA when the audit storage volume approaches its capacity.
2
Rule
Severity: Low
Splunk Enterprise must be configured to send an immediate alert to the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated log record storage volume reaches 75 percent of the repository maximum log record storage capacity.
2
Rule
Severity: Medium
The VMM must provide an immediate warning to the SA and ISSO, at a minimum, when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Medium
The Photon operating system must configure auditd to log space limit problems to syslog.
1
Rule
Severity: Medium
VMware Postgres must be configured to log to "stderr".
1
Rule
Severity: Medium
"Rsyslog" must be configured to monitor VMware Postgres logs.
3
Rule
Severity: Low
The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
2
Rule
Severity: Medium
The web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.
1
Rule
Severity: Medium
The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
1
Rule
Severity: Low
The BIG-IP appliance must be configured to generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
1
Rule
Severity: Low
Ubuntu 22.04 LTS must immediately notify the system administrator (SA) and information system security officer (ISSO) when the audit record storage volume reaches 25 percent remaining of the allocated capacity.
1
Rule
Severity: Medium
PostgreSQL must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.
1
Rule
Severity: Medium
SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules