AU-12(03) Changes by Authorized Individuals
Provide and implement the capability for au-12.03_odp.01 to change the logging to be performed on au-12.03_odp.02 based on au-12.03_odp.03 within au-12.03_odp.04.
| Parameter ID | Definition |
|---|---|
| au-12.03_odp.01 | individuals or roles |
| au-12.03_odp.02 | system components |
| au-12.03_odp.03 | selectable event criteria |
| au-12.03_odp.04 | time thresholds |
Baselines
- L
- M
- H
- P
Guidance
Permitting authorized individuals to make changes to system logging enables organizations to extend or limit logging as necessary to meet organizational requirements. Logging that is limited to conserve system resources may be extended (either temporarily or permanently) to address certain threat situations. In addition, logging may be limited to a specific set of event types to facilitate audit reduction, analysis, and reporting. Organizations can establish time thresholds in which logging actions are changed (e.g., near real-time, within minutes, or within hours).
Related controls 1
- AC-03 Access Enforcement L M H P