AU-14 Session Audit
a. Provide and implement the capability for au-14_odp.01 to au-14_odp.02 the content of a user session under au-14_odp.03 ; and
b. Develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
| Parameter ID | Definition |
|---|---|
| au-14_odp.01 | users or roles |
| au-14_odp.02 |
Selection (one-or-more):
|
| au-14_odp.03 | circumstances |
Baselines
- L
- M
- H
- P
Guidance
Session audits can include monitoring keystrokes, tracking websites visited, and recording information and/or file transfers. Session audit capability is implemented in addition to event logging and may involve implementation of specialized session capture technology. Organizations consider how session auditing can reveal information about individuals that may give rise to privacy risk as well as how to mitigate those risks. Because session auditing can impact system and network performance, organizations activate the capability under well-defined situations (e.g., the organization is suspicious of a specific individual). Organizations consult with legal counsel, civil liberties officials, and privacy officials to ensure that any legal, privacy, civil rights, or civil liberties issues, including the use of personally identifiable information, are appropriately addressed.
Control Enhancements 3
- AU-14(01) System Start-up L M H P
- AU-14(02) Capture and Record Content
- AU-14(03) Remote Viewing and Listening L M H P
Related controls 10
- AC-03 Access Enforcement L M H P
- AC-08 System Use Notification L M H P
- AU-02 Event Logging L M H P
- AU-03 Content of Audit Records L M H P
- AU-04 Audit Log Storage Capacity L M H P
- AU-05 Response to Audit Logging Process Failures L M H P
- AU-08 Time Stamps L M H P
- AU-09 Protection of Audit Information L M H P
- AU-11 Audit Record Retention L M H P
- AU-12 Audit Record Generation L M H P