STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apple macOS 13 (Ventura) Security Technical Implementation Guide

V-257180

CAT III (Low)

The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity.

Rule ID

SV-257180r971542_rule

STIG

Apple macOS 13 (Ventura) Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-001855

Discussion

The audit service must be configured to require a minimum percentage of free disk space to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs. When "minfree" is set to 25 percent, security personnel are notified immediately when the storage volume is 75 percent full and are able to plan for audit record storage capacity expansion.

Check Content

Verify the macOS system is configured to require a minimum of 25 percent free disk space for audit record storage with the following command:

/usr/bin/sudo /usr/bin/grep ^minfree /etc/security/audit_control

minfree:25

If "minfree" is not set to "25", this is a finding.

Fix Text

Configure the macOS system to require 25 percent free disk space for audit record storage with the following command:

/usr/bin/sudo /usr/bin/sed -i.bak 's/.*minfree.*/minfree:25/' /etc/security/audit_control; /usr/bin/sudo /usr/sbin/audit -s

Alternatively, use a text editor to update the "/etc/security/audit_control" file.