The IDPS must assign a critical severity level to all audit processing failures.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-206904 | SRG-NET-000335 | SRG-NET-000335-IDPS-00223 | SV-206904r856542_rule | 2025-09-22 | 3 |
Description
It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the failure.
Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Since action must be taken immediately, these messages will be designated as a critical severity level and this level must be sent as part of the alert message.
ℹ️ Check
Verify the IDPS assigns a critical severity level to all audit processing failures.
If the IDPS does not assign a critical severity level to all audit processing failures, this is a finding.
✔️ Fix
Configure the IDPS to assign a critical severity level to all audit processing failures.
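One way to automate the check above is sketched below. It is an added example, not part of the STIG or any vendor's tooling. It assumes the IDPS forwards its alerts as syslog with a PRI field and that "critical" maps to syslog severity 2; the message patterns and sample lines are hypothetical and constructed for illustration.

```python
import re

# Syslog PRI = facility * 8 + severity (RFC 5424); severity 2 is "Critical".
CRITICAL = 2
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed message patterns for the failure classes named in the rule description;
# replace them with the strings your IDPS actually emits.
AUDIT_FAILURE_PATTERNS = [
    re.compile(r"audit (daemon|process|subsystem) (error|fail)", re.I),   # software/hardware errors
    re.compile(r"audit (capture|collection) fail", re.I),                 # capture mechanism failures
    re.compile(r"audit (log )?storage .*(full|exceeded|reached)", re.I),  # storage capacity
]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def severity_of(line):
    """Return the syslog severity (0-7) encoded in the PRI field, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 is the highest valid PRI value
        return None
    return int(m.group(1)) % 8

def is_audit_failure(line):
    return any(p.search(line) for p in AUDIT_FAILURE_PATTERNS)

def find_findings(lines):
    """Return (line, reason) pairs for audit failure alerts not marked critical."""
    findings = []
    for line in lines:
        if not is_audit_failure(line):
            continue
        sev = severity_of(line)
        if sev is None:
            findings.append((line, "no parseable severity"))
        elif sev != CRITICAL:  # the rule names the critical level specifically
            findings.append((line, f"severity is {SEVERITY_NAMES[sev]}, not crit"))
    return findings

# Constructed sample alerts (not from a real device); facility local1 = 17.
SAMPLE = [
    "<138>Sep 22 10:00:01 idps1 auditd: audit storage capacity reached (100%)",  # local1.crit
    "<140>Sep 22 10:00:05 idps1 auditd: audit capture failure on sensor eth2",   # local1.warning
    "<142>Sep 22 10:00:09 idps1 sensor: signature update complete",              # unrelated event
    "Sep 22 10:00:12 idps1 auditd: audit daemon error: disk I/O",                # severity missing
]

if __name__ == "__main__":
    for line, reason in find_findings(SAMPLE):
        print(f"FINDING: {reason}: {line}")
```

An alert that arrives without a severity is reported as well, since the rule requires the critical level to be sent as part of the alert message.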