AU-04 Audit Storage Capacity

Audit and Accountability

Low Moderate High

Description

The organization allocates sufficient audit record storage capacity and configures auditing to reduce the likelihood of such capacity being exceeded.

Supplemental Guidance

The organization provides sufficient audit storage capacity, taking into account the auditing to be performed and the online audit processing requirements. Related security controls: AU-02, AU-05, AU-06, AU-07, SI-04.

Changes from Rev 4

Adds ‘Log’ to title. Changes parameter text from ‘record storage’ to ‘log retention’.

Enhancements

(0) None.

Compliance Mappings

ISO 27001:2022

7.5, A.8.15, A.8.6

ISO 27002:2022

8.15, 8.6

COBIT 2019

BAI04

CIS Controls v8

CIS 8, CIS 8.3

NIST CSF 2.0

PR.IR-04

IEC 62443

3-3 SR 2.9, 3-3 SR 7.2

BSI IT-Grundschutz

OPS.1.1.5

ANSSI

Hygiene.29, SecNumCloud.13.7

FINMA Circular 2023/1

IV.A(28), IV.A(29), IV.C(66)

OSFI B-13

B-13.3.3

EU GDPR

Art.30(1), Art.5(1)(e)

EU DORA

Art.10(1)

BIO2

8.15, 8.6

RBI CSF

Annex1.16, ITGRCA.15

FISC Security Guidelines

FISC.O11, FISC.O13

LGPD + BCB 4893

BCB.Art.20, BCB.Art.9

HKMA TM-E-1

TME1.5.2, TME1.5.3

DNB Good Practice

DNB.18.1

EU CRA

CRA.I.2l

NCA ECC

2-12

UAE IA

T7

CBB TM

TM-12, TM-5

Qatar NIA

OS

CBUAE

CR-3

CBE CSF

CD-1

SA JS2

JS2-7.3

CBN CSF

Part3.5

BoG CISD

CISD-VII

BoM CTRM

4.2

IOSCO Cyber Resilience

DET-1

BCBS 239

Principle 5

CPMI-IOSCO PFMI

CG.DE

FFIEC IS

III.B

NYDFS 500

500.6

HIPAA Security Rule

§164.312(b)

ECB CROE

CROE.2.4

EBA ICT Guidelines

3.4.5

SEBI CSCRF

DE.AU

BOT Cyber Resilience

Ch3.1

CMMC 2.0

AU

10 CFR 73.54

RG5.71-A-AU

IEEE 1686-2022

5.2

Common Criteria

CC Part 2 — FAU

Lloyd's Minimum Standards

MS8.12

NAIC Insurance Data Security

4-audit

HITRUST CSF v11

09.g

FDA 21 CFR Part 11

§11.10(e)

FDA Cybersecurity Guidance

SA-5

ISO 27799

12.4

SEC Custody (Digital Assets)

SEC-CD-15

ISO 17799 (legacy)

10.10.3

COBIT 4.1 (legacy)

None.