Audit and Accountability

NIST SP 800-53 Rev 5 Audit and Accountability controls.

AU-01 Medium

Policy and Procedures

Develop, document, and disseminate to [parameter]:

AU-02 Medium

Event Logging

Identify the types of events that the system is capable of logging in support of the audit function: [parameter];

AU-03 Medium

Content of Audit Records

Ensure that audit records contain information that establishes the following:

AU-04 Medium

Audit Log Storage Capacity

Allocate audit log storage capacity to accommodate [parameter].

AU-05 Medium

Response to Audit Logging Process Failures

Alert [parameter] within [parameter] in the event of an audit logging process failure; and

AU-06 Medium

Audit Record Review, Analysis, and Reporting

Review and analyze system audit records [parameter] for indications of [parameter] and the potential impact of the inappropriate or unusual activity;

AU-07 Medium

Audit Record Reduction and Report Generation

Provide and implement an audit record reduction and report generation capability that:

AU-08 Medium

Time Stamps

Use internal system clocks to generate time stamps for audit records; and

AU-09 Medium

Protection of Audit Information

Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and

AU-10 Medium

Non-repudiation

Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed [parameter].

AU-11 Medium

Audit Record Retention

Retain audit records for [parameter] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

AU-12 Medium

Audit Record Generation

Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on [parameter];

AU-13 Medium

Monitoring for Information Disclosure

Monitor [parameter] [parameter] for evidence of unauthorized disclosure of organizational information; and

AU-14 Medium

Session Audit

Provide and implement the capability for [parameter] to [parameter] the content of a user session under [parameter]; and

AU-15 Medium

Alternate Audit Logging Capability

AU-16 Medium

Cross-organizational Audit Logging

Employ [parameter] for coordinating [parameter] among external organizations when audit information is transmitted across organizational boundaries.