![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0387: Auditing Of Audit Storage Failures
TYPE: Guidance
NUMBER: I-0387
STATUS: Ready to Send to Management/CCIMB
TITLE: Auditing Of Audit Storage Failures
SOURCE REFERENCE: CC v2.1 Part 2 Subclause 3.6 FAU_STG.4
CC v2.1 Part 2 Subclause 3.6 FAU_STG.NIAP-0414-1
RELATED TO:
I-0348 Audit Data Loss Prevention Method May Be Site-Selectable
I-0414 Site-Configurable Prevention Of Audit Loss
ISSUE:
The AUDIT section for FAU_STG.4 indicates that the actions taken due to the audit storage failure should be audited. However, if there is an audit storage failure, this record can't go into the audit trail? Where should the record be stored?STATEMENT
When the audit trail is full, the audit related to the action taken due to storage failure should be stored in an alternate location.SUPPORT:
This interpretation addresses a difficulty that exists in some cases of audit storage failure. In particular, this interpretation permits the audit record of the failure in such cases to be recorded in an alternate location. This will permit retrieval of the record in a maintenance mode, when the situation that resulted in audit failure may be corrected and normal auditing behavior restored.Note: This interpretation is being applied to the CC as modified by I-0414.