NIST 800-53 r5 · Controls catalogue · Family AU
AU-5Response to Audit Logging Process Failures
Alert {{ insert: param, au-05_odp.01 }} within {{ insert: param, au-05_odp.02 }} in the event of an audit logging process failure; and Take the following additional actions: {{ insert: param, au-05_odp.03 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (7)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-754 | Improper Check for Unusual or Exceptional Conditions | 697 | Requires detection and response to audit logging failures as an unusual or exceptional condition. |
CWE-755 | Improper Handling of Exceptional Conditions | 662 | Provides defined handling (alert and additional actions) for the exceptional condition of audit logging failure. |
CWE-703 | Improper Check or Handling of Exceptional Conditions | 146 | Implements explicit check and handling for the exceptional condition of audit logging process failure. |
CWE-636 | Not Failing Securely ('Failing Open') | 27 | Supports failing securely by requiring alerts and configurable actions (e.g., shutdown) when the audit mechanism fails instead of continuing without it. |
CWE-391 | Unchecked Error Condition | 23 | Ensures audit logging process failures are checked and trigger defined responses instead of remaining unchecked. |
CWE-390 | Detection of Error Condition Without Action | 14 | Requires explicit action (alert plus additional responses) on audit logging failures rather than detecting the error condition without acting. |
CWE-392 | Missing Report of Error Condition | 11 | Mandates alerting on audit failures, directly providing the missing report of the error condition. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-34480 | 1.5 | 7.5 | 0.0015 | good |
CVE-2026-34481 | 1.5 | 7.5 | 0.0015 | partial |