AU-5(4): Shutdown On Failure

Control Family:

Audit And Accountability

Parent Control:

AU-5: Response To Audit Processing Failures

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.PT-1

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-5(4): Shutdown on Failure

Control Statement

The information system invokes a [Selection: full system shutdown; partial system shutdown; degraded operational mode with limited mission/business functionality available] in the event of [Assignment: organization-defined audit failures], unless an alternate audit capability exists.

Supplemental Guidance

Organizations determine the types of audit failures that can trigger automatic information system shutdowns or degraded operations. Because of the importance of ensuring mission/business continuity, organizations may determine that the nature of the audit failure is not so severe that it warrants a complete shutdown of the information system supporting the core organizational missions/business operations. In those instances, partial information system shutdowns or operating in a degraded mode with reduced capability may be viable alternatives.