STIGQter: STIG Summary: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide Version: 2 Release: 6 Benchmark Date: 24 Jul 2020:

In the event of a logging failure caused by the lack of audit record storage capacity, the IDPS must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.

DISA Rule

SV-45397r2_rule

Vulnerability Number

V-34555

Group Title

SRG-NET-000089-IDPS-00069

Rule Version

SRG-NET-000089-IDPS-00069

Severity

CAT II

CCI(s)

CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

Fix Recommendation

Configure the IDPS to, in the event of a logging failure caused by the lack of audit record storage capacity, continue generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner.

Check Contents

Verify the IDPS, in the event of a logging failure caused by the lack of audit record storage capacity, continues generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner.

In the event of a logging failure caused by the lack of audit record storage capacity, if the IDPS does not continue generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner, this is a finding.

In the event of a logging failure caused by the lack of audit record storage capacity, the IDPS must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments