Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

au-5(4)

response to audit processing failures  | shutdown on failure

assessment objective:

Determine if:

au-5(4)[1]

the organization selects one of the following specific actions for the information system to invoke in the event of organization-defined audit failures:

AU-5(4)[1][a]

full system shutdown;

AU-5(4)[1][b]

partial system shutdown; or

AU-5(4)[1][c]

degraded operational mode with limited mission/business functionality available;

au-5(4)[2]

the organization defines audit failures that, unless an alternate audit capability exists, are to trigger the information system to invoke a specific action; and

au-5(4)[3]

the information system invokes the selected specific action in the event of organization-defined audit failures, unless an alternate audit capability exists.

potential assessment methods and objects:

Examine: [select from: Audit and accountability policy; procedures addressing response to audit processing failures; information system design documentation; security plan; information system configuration settings and associated documentation; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers].

Test: [select from: Information system capability invoking system shutdown or degraded operational mode in the event of an audit processing failure].