diff --git a/defaults/main.yml b/defaults/main.yml
index 89c4a06f..03422b72 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -384,6 +384,10 @@ security_unattended_upgrades_notifications: false
 #
 ###############################################################################
 
+## Audit daemon (auditd)
+# Send audit records to a different system using audisp.
+#security_audisp_remote_server: '10.0.21.1' # RHEL-07-030330
+
 ## Authentication (auth)
 # Disallow logins from accounts with blank/null passwords via PAM.
 security_disallow_blank_password_login: yes # RHEL-07-010260
diff --git a/doc/metadata/rhel7/RHEL-07-030330.rst b/doc/metadata/rhel7/RHEL-07-030330.rst
index bd20de44..09906ac8 100644
--- a/doc/metadata/rhel7/RHEL-07-030330.rst
+++ b/doc/metadata/rhel7/RHEL-07-030330.rst
@@ -1,7 +1,13 @@
 ---
 id: RHEL-07-030330
-status: not implemented
-tag: misc
+status: opt-in
+tag: auditd
 ---
 
-This STIG requirement is not yet implemented.
+The ``audispd`` service transmits audit logs to other servers. Deployers
+should specify the address of another server that can receive audit logs by
+setting the following Ansible variable:
+
+.. code-block:: yaml
+
+   security_audisp_remote_server: '10.0.21.1'
diff --git a/tasks/rhel7stig/auditd.yml b/tasks/rhel7stig/auditd.yml
new file mode 100644
index 00000000..af7b4a06
--- /dev/null
+++ b/tasks/rhel7stig/auditd.yml
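Review bot: The comment added above the new `security_audisp_remote_server` variable does not tell deployers that audisp-remote forwards audit records over plain TCP unless Kerberos (`enable_krb5`) is configured in `/etc/audisp/audisp-remote.conf`, so an operator who enables this to satisfy RHEL-07-030330 may be shipping sensitive audit events across the network unencrypted. The value is also written verbatim into that file by the task in this change, with no check that it is a single hostname or IP address. I would expand the comment to: `# Send audit records to a different system using audisp-remote. Transport is plain TCP unless Kerberos is enabled in /etc/audisp/audisp-remote.conf; set this to a single hostname or IP address.`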
@@ -0,0 +1,28 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: RHEL-07-030330 - The operating system must off-load audit records onto a different system or media from the system being audited
+  lineinfile:
+    dest: /etc/audisp/audisp-remote.conf
+    regexp: "^(#)?remote_server"
+    line: "remote_server = {{ security_audisp_remote_server }}"
+  when:
+    - security_audisp_remote_server is defined
+  notify:
+    - restart auditd
+  tags:
+    - medium
+    - auditd
+    - RHEL-07-030330
diff --git a/vars/redhat.yml b/vars/redhat.yml
index db9d557e..1e715428 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -34,6 +34,7 @@ grub_update_cmd: "grub2-mkconfig -o /boot/grub/grub.conf"
 stig_packages:
   - packages:
     - audit
+    - audispd-plugins
     - aide
     - chrony
     - logrotate
diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml
index 72e21776..1b738707 100644
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@@ -37,6 +37,7 @@ grub_update_cmd: "update-grub"
 stig_packages:
  - packages:
     - auditd
+    - audispd-plugins
     - aide
     - aide-common
     - chrony
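Review bot: Writing `remote_server` into `/etc/audisp/audisp-remote.conf` is not sufficient on its own, because audispd only loads the remote plugin when `/etc/audisp/plugins.d/au-remote.conf` has `active = yes`, and as far as I know the packaged default is `active = no`, so on a stock install this task configures a plugin that never runs and no records are off-loaded. A second `lineinfile` task guarded by the same `when`, with the same handler and tags, closes that gap; it is sketched below. Separately, audisp-remote sends records in the clear unless `enable_krb5 = yes` is also configured, which deserves a comment on the task so deployers do not assume the off-load is protected in transit.
```yaml
# … unchanged: license header and the audisp-remote.conf task …

- name: RHEL-07-030330 - Activate the audisp remote logging plugin
  lineinfile:
    dest: /etc/audisp/plugins.d/au-remote.conf
    regexp: "^(#)?active"
    line: "active = yes"
  when:
    - security_audisp_remote_server is defined
  notify:
    - restart auditd
  tags:
    - medium
    - auditd
    - RHEL-07-030330
```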