STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to NetApp ONTAP DSC 9.x Security Technical Implementation Guide

V-246935

CAT II (Medium)

ONTAP must have audit guarantee enabled.

Rule ID

SV-246935r961401_rule

STIG

NetApp ONTAP DSC 9.x Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001858

Discussion

It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. With audit guarantee enabled, all SMB operations must generate an audit event before an ACK is returned to the client and the operation completed. If the audit event cannot be written, then the client operation is delayed or denied.

Check Content

Use "vserver audit show -fields audit-guarantee" to see if audit guarantee is enabled.

If audit-guarantee is set to false, this is a finding.

Fix Text

Use the command "vserver audit modify -vserver <vserver_name> -destination <audit log location> -audit-guarantee true" to set audit-guarantee to true.  

An example command for a vserver named svm01 with the audit logs at /audit_log would be "vserver audit modify -vserver svm01 -destination /audit_log -audit-guarantee true".

Use the command "vserver audit show -fields audit-guarantee" to verify the change.