AU-01 | Policy and Procedures
AU-02 | Event Logging
AU-02(01) | Compilation of Audit Records from Multiple Sources | Incorporated into AU-12.
AU-02(02) | Selection of Audit Events by Component | Incorporated into AU-12.
AU-02(03) | Reviews and Updates | Incorporated into AU-2.
AU-02(04) | Privileged Functions | Incorporated into AC-6.9.
AU-03 | Content of Audit Records
AU-03(01) | Additional Audit Information
AU-03(02) | Centralized Management of Planned Audit Record Content | Incorporated into PL-9.
AU-03(03) | Limit Personally Identifiable Information Elements
AU-04 | Audit Log Storage Capacity
AU-04(01) | Transfer to Alternate Storage
AU-05 | Response to Audit Logging Process Failures
AU-05(01) | Storage Capacity Warning
AU-05(02) | Real-time Alerts
AU-05(03) | Configurable Traffic Volume Thresholds
AU-05(04) | Shutdown on Failure
AU-05(05) | Alternate Audit Logging Capability
AU-06 | Audit Record Review, Analysis, and Reporting
AU-06(01) | Automated Process Integration
AU-06(02) | Automated Security Alerts | Incorporated into SI-4.
AU-06(03) | Correlate Audit Record Repositories
AU-06(04) | Central Review and Analysis
AU-06(05) | Integrated Analysis of Audit Records
AU-06(06) | Correlation with Physical Monitoring
AU-06(07) | Permitted Actions
AU-06(08) | Full Text Analysis of Privileged Commands
AU-06(09) | Correlation with Information from Nontechnical Sources
AU-06(10) | Audit Level Adjustment | Incorporated into AU-6.
AU-07 | Audit Record Reduction and Report Generation
AU-07(01) | Automatic Processing
AU-07(02) | Automatic Sort and Search | Incorporated into AU-7.1.
AU-08 | Time Stamps
AU-08(01) | Synchronization with Authoritative Time Source | Moved to SC-45.1.
AU-08(02) | Secondary Authoritative Time Source | Moved to SC-45.2.
AU-09 | Protection of Audit Information
AU-09(01) | Hardware Write-once Media
AU-09(02) | Store on Separate Physical Systems or Components
AU-09(03) | Cryptographic Protection
AU-09(04) | Access by Subset of Privileged Users
AU-09(05) | Dual Authorization
AU-09(06) | Read-only Access
AU-09(07) | Store on Component with Different Operating System
AU-10 | Non-repudiation
AU-10(01) | Association of Identities
AU-10(02) | Validate Binding of Information Producer Identity
AU-10(03) | Chain of Custody
AU-10(04) | Validate Binding of Information Reviewer Identity
AU-10(05) | Digital Signatures | Incorporated into SI-7.
AU-11 | Audit Record Retention
AU-11(01) | Long-term Retrieval Capability
AU-12 | Audit Record Generation
AU-12(01) | System-wide and Time-correlated Audit Trail
AU-12(02) | Standardized Formats
AU-12(03) | Changes by Authorized Individuals
AU-12(04) | Query Parameter Audits of Personally Identifiable Information
AU-13 | Monitoring for Information Disclosure
AU-13(01) | Use of Automated Tools
AU-13(02) | Review of Monitored Sites
AU-13(03) | Unauthorized Replication of Information
AU-14 | Session Audit
AU-14(01) | System Start-up
AU-14(02) | Capture and Record Content | Incorporated into AU-14.
AU-14(03) | Remote Viewing and Listening
AU-15 | Alternate Audit Logging Capability | Moved to AU-5.5.
AU-16 | Cross-organizational Audit Logging
AU-16(01) | Identity Preservation
AU-16(02) | Sharing of Audit Information
AU-16(03) | Disassociability