AU-4: Audit Log Storage Capacity

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:


  • Low
    • AU-4
  • Moderate
    • AU-4
  • High
    • AU-4
  • Privacy


Previous Version:

Control Statement

Allocate audit log storage capacity to accommodate [Assignment: organization-defined audit log retention requirements].

Supplemental Guidance

Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability.

Control Enhancements

AU-4(1): Transfer to Alternate Storage


(Not part of any baseline)

Transfer audit logs [Assignment: organization-defined frequency] to a different system, system component, or media other than the system or system component conducting the logging.