In the event of a logging failure caused by the lack of audit record storage capacity, the IDPS must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

In the event of a logging failure caused by the lack of audit record storage capacity, the IDPS must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34555	SRG-NET-000089-IDPS-00069	SV-45397r2_rule		Medium

Description
It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure. The IDPS performs a critical security function, so its continued operation is imperative. Since availability of the IDPS is an overriding concern, shutting down the system in the event of an audit failure should be avoided, except as a last resort.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2015-06-26

Details

Check Text ( None )
None

Fix Text (None)
None