AU-5(3): Configurable Traffic Volume Thresholds

Control Family:

Audit and Accountability

Parent Control:

AU-5: Response to Audit Logging Process Failures

Threats Addressed:

Denial of Service

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AU-5(3): Configurable Traffic Volume Thresholds

Control Statement

Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity and [Assignment: reject, delay] network traffic above those thresholds.

Supplemental Guidance

Organizations have the capability to reject or delay the processing of network communications traffic if audit logging information about such traffic is determined to exceed the storage capacity of the system audit logging function. The rejection or delay response is triggered by the established organizational traffic volume thresholds that can be adjusted based on changes to audit log storage capacity.