AU-5 Response to Audit Processing Failures
Description
Audit processing failures include, for example, software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Organizations may choose to define additional actions for different audit processing failures (e.g., by type, by location, by severity, or a combination of such factors).
This Control applies to each audit data storage repository (i.e., distinct information system component where audit records are stored), the total audit storage capacity of organizations (i.e., all audit data storage repositories combined), or both.
Applicability
This Control applies to all TAMU-CC University information resources containing controlled or confidential information.
The intended audience is information resource custodians who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security.
Implementation
The information system:
- Alerts appropriate organizational officials in the event of an audit processing failure; and
- Takes the following additional actions may including, but not limited to:
- alert the Office of Information Security (OIS) of logging failure
- troubleshoot root cause of failure
- log failure of event
- shut down information system
- overwrite oldest audit records if older that retention stated in AU-4 and AU-11
- stop generating audit records with approval of Office of Information Security (OIS)
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019