AU-4: Audit Log Storage Capacity

Control Family:

Audit and Accountability

CSF v1.1 References:

PR.DS-4

PF v1.0 References:

PR.DS-P4

Threats Addressed:

Denial of Service

Baselines:

Low
- AU-4
Moderate
- AU-4
High
- AU-4
Privacy
N/A

Previous Version:

NIST Special Publication 800-53 Revision 4:
AU-4: Audit Storage Capacity

Control Statement

Allocate audit log storage capacity to accommodate [Assignment: organization-defined audit log retention requirements].

Supplemental Guidance

Organizations consider the types of audit logging to be performed and the audit log processing requirements when allocating audit log storage capacity. Allocating sufficient audit log storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of audit logging capability.

Control Enhancements

AU-4(1): Transfer to Alternate Storage

Baseline(s):

(Not part of any baseline)

Transfer audit logs [Assignment: organization-defined frequency] to a different system, system component, or media other than the system or system component conducting the logging.

Control Statement

Supplemental Guidance

Control Enhancements

Related Controls

NIST Special Publication 800-53 Revision 5

Cloud Controls Matrix v3.0.1

Critical Security Controls Version 8

Critical Security Controls Version 7.1