AU-12 Audit Record Generation
a. Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on au-12_odp.01;
b. Allow au-12_odp.02 to select the event types that are to be logged by specific components of the system; and
c. Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).
| Parameter ID | Definition |
|---|---|
| au-12_odp.01 | system components |
| au-12_odp.02 | personnel or roles |
Baselines
- L
- M
- H
- P
Guidance
Audit records can be generated from many different system components. The event types specified in [AU-2d](#au-2_smt.d) are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.
Control Enhancements 4
- AU-12(01) System-wide and Time-correlated Audit Trail L M H P
- AU-12(02) Standardized Formats L M H P
- AU-12(03) Changes by Authorized Individuals L M H P
- AU-12(04) Query Parameter Audits of Personally Identifiable Information L M H P
Related controls 19
- AC-06 Least Privilege L M H P
- AC-17 Remote Access L M H P
- AU-02 Event Logging L M H P
- AU-03 Content of Audit Records L M H P
- AU-04 Audit Log Storage Capacity L M H P
- AU-05 Response to Audit Logging Process Failures L M H P
- AU-06 Audit Record Review, Analysis, and Reporting L M H P
- AU-07 Audit Record Reduction and Report Generation L M H P
- AU-14 Session Audit L M H P
- CM-05 Access Restrictions for Change L M H P
- MA-04 Nonlocal Maintenance L M H P
- MP-04 Media Storage L M H P
- PM-12 Insider Threat Program L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SC-18 Mobile Code L M H P
- SI-03 Malicious Code Protection L M H P
- SI-04 System Monitoring L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P
- SI-10 Information Input Validation L M H P