AU-4 - Audit Storage Capacity
Control requirements
- AU-4 - 0
- The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].
Implementation guidance
See the resources that follow to learn more about how to implement this control.
IBM Cloud for Financial Services profile
The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.
- Check whether Cloud Object Storage quota enforcement is off for buckets that are configured to use Activity Tracker Event Routing
- Check whether Cloud Object Storage buckets with a quota have threshold-based alerts enabled
NIST supplemental guidance
Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.