AU-4 - Audit Storage Capacity

Control requirements

AU-4 - 0

The organization allocates audit record storage capacity in accordance with [Assignment: organization-defined audit record storage requirements].

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Audit logging of application provider events and SIEM
• Audit logging of IBM Cloud events
• IBM Cloud account setup

IBM Cloud for Financial Services profile

The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.

• Check whether Cloud Object Storage quota enforcement is off for buckets that are configured to use Activity Tracker Event Routing
• Check whether Cloud Object Storage buckets with a quota have threshold-based alerts enabled

NIST supplemental guidance

Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity. Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability.