STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

V-34555

CAT II (Medium)

In the event of a logging failure caused by the lack of audit record storage capacity, the IDPS must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.

Rule ID

SV-45397r2_rule

STIG

Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Version

V2R6

CCIs

CCI-000140

Discussion

It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure.<br /><br />The IDPS performs a critical security function, so its continued operation is imperative. Since availability of the IDPS is an overriding concern, shutting down the system in the event of an audit failure should be avoided, except as a last resort.

Check Content

Verify the IDPS, in the event of a logging failure caused by the lack of audit record storage capacity, continues generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner.<br /><br />In the event of a logging failure caused by the lack of audit record storage capacity, if the IDPS does not continue generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner, this is a finding.

Fix Text

Configure the IDPS to, in the event of a logging failure caused by the lack of audit record storage capacity, continue generating and storing audit records and overwriting the oldest audit records in a first-in-first-out manner.