This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system provides a warning to [Assignment: organization-defined personnel, roles, and/or locations] within [Assignment: organization-defined time period] when allocated audit record storage volume reaches [Assignment: organization-defined percentage] of repository maximum audit record storage capacity.
NIST 800-53 (r4) Supplemental Guidance:
Organizations may have multiple audit data storage repositories distributed across multiple information system components, with each repository having different storage volume capacities.
NIST 800-53 (r5) Discussion:
Organizations may have multiple audit log storage repositories distributed across multiple system components with each repository having different storage volume capacities.
38North Guidance:
Meets Minimum Requirement:
The Cloud Service Offering (CSO) is configured to provide a warning to [a defined role or group] within an [organization-defined] time period when the CSO allocated audit record storage volume reaches an [organization-defined] percentage of repository maximum audit record storage capacity. This control ensures that audit information is protected from accidental loss, unauthorized access, modification and deletion.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review the Audit and Accountability policy and procedure to ensure the Cloud Service Provider (CSP) has defined the time period for issuing a warning when the CSO allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.
Review the Security Information and Event Management (SIEM) tool configuration settings to ensure a warning is issued to a defined role/group within the defined time periods/percentages outlined within the policy and procedure.
Review recent warnings issued from the SIEM tool to the defined role/group within the defined time periods/percentages outlined within the policy and procedure.
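One way to perform the last review step, as an added example that is not part of the original guidance or of any SIEM product: it finds each point where a repository's utilization reached the defined percentage and checks that a warning reached the defined role within the defined time period. The 75% threshold, 15-minute period, role name, repository names and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed organization-defined values; substitute the ones in your policy.
THRESHOLD_PCT = 75.0                 # percentage of repository capacity
WARN_WITHIN = timedelta(minutes=15)  # time period for issuing the warning
WARN_ROLE = "audit-admins"           # hypothetical role/group name

def crossings(samples, threshold_pct):
    """Yield (repo, time) each time a repository rises to or above the threshold."""
    above = {}
    for ts, repo, used, capacity in sorted(samples):
        is_above = 100.0 * used / capacity >= threshold_pct
        if is_above and not above.get(repo, False):
            yield repo, ts
        above[repo] = is_above

def check_warnings(samples, warnings, threshold_pct=THRESHOLD_PCT,
                   within=WARN_WITHIN, role=WARN_ROLE):
    """Return (repo, crossed_at, status) per crossing: OK, LATE or MISSING."""
    findings = []
    for repo, crossed in crossings(samples, threshold_pct):
        # Only warnings sent to the defined role at or after the crossing count.
        sent = [w["sent"] for w in warnings
                if w["repo"] == repo and w["to"] == role and w["sent"] >= crossed]
        if not sent:
            status = "MISSING"
        elif min(sent) - crossed > within:
            status = "LATE"
        else:
            status = "OK"
        findings.append((repo, crossed, status))
    return findings

# Constructed sample data: (time, repository, used GB, capacity GB).
T0 = datetime(2024, 1, 1, 0, 0)
SAMPLES = [
    (T0, "siem-hot", 700, 1000),
    (T0 + timedelta(minutes=10), "siem-hot", 760, 1000),
    (T0, "syslog-archive", 3900, 5000),
    (T0, "db-audit", 190, 200),
]
WARNINGS = [
    {"repo": "siem-hot", "to": "audit-admins", "sent": T0 + timedelta(minutes=12)},
    {"repo": "syslog-archive", "to": "audit-admins", "sent": T0 + timedelta(minutes=45)},
    {"repo": "db-audit", "to": "helpdesk", "sent": T0 + timedelta(minutes=1)},
]

if __name__ == "__main__":
    for repo, crossed, status in check_warnings(SAMPLES, WARNINGS):
        print(f"{status:8} {repo:15} crossed {THRESHOLD_PCT}% at {crossed.isoformat()}")
```

Each repository is evaluated against its own capacity, since repositories may have different storage volume capacities. A LATE or MISSING result is a crossing with no timely warning to the defined role.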
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD