AU-3(3)Limit Personally Identifiable Information Elements   STRIDE-LM
    AU-4Audit Log Storage Capacity STRIDE-LM
    (1)Transfer to Alternate Storage    STRIDE-LM
    AU-5Response to Audit Logging Process Failures STRIDE-LM
    (1)Storage Capacity Warning   STRIDE-LM
    (2)Real-time Alerts   STRIDE-LM
    (3)Configurable Traffic Volume Thresholds    STRIDE-LM
    (4)Shutdown on Failure    STRIDE-LM
    (5)Alternate Audit Logging Capability    STRIDE-LM
    AU-6Audit Record Review, Analysis, and Reporting STRIDE-LM
    (1)Automated Process Integration  STRIDE-LM
    (3)Correlate Audit Record Repositories  STRIDE-LM
    (4)Central Review and Analysis    STRIDE-LM
    (5)Integrated Analysis of Audit Records   STRIDE-LM
    (6)Correlation with Physical Monitoring   STRIDE-LM
    (7)Permitted Actions    STRIDE-LM
    (8)Full Text Analysis of Privileged Commands    STRIDE-LM
    (9)Correlation with Information from Nontechnical Sources    STRIDE-LM
    AU-7Audit Record Reduction and Report Generation  STRIDE-LM
    (1)Automatic Processing  STRIDE-LM
    AU-8Time Stamps STRIDE-LM
    AU-9Protection of Audit Information STRIDE-LM
    (1)Hardware Write-once Media    STRIDE-LM
    (2)Store on Separate Physical Systems or Components   STRIDE-LM
    (3)Cryptographic Protection   STRIDE-LM
    (4)Access by Subset of Privileged Users  STRIDE-LM
    (5)Dual Authorization    STRIDE-LM
    (6)Read-only Access    STRIDE-LM
    (7)Store on Component with Different Operating System    STRIDE-LM
    AU-10Non-repudiation   STRIDE-LM
    (1)Association of Identities    STRIDE-LM
    (2)Validate Binding of Information Producer Identity    STRIDE-LM
    (3)Chain of Custody    STRIDE-LM
    (4)Validate Binding of Information Reviewer Identity    STRIDE-LM
    AU-11Audit Record RetentionSTRIDE-LM
    (1)Long-term Retrieval Capability    STRIDE-LM
    AU-12Audit Record Generation STRIDE-LM
    (1)System-wide and Time-correlated Audit Trail   STRIDE-LM
    (2)Standardized Formats    STRIDE-LM
    (3)Changes by Authorized Individuals   STRIDE-LM
    (4)Query Parameter Audits of Personally Identifiable Information    STRIDE-LM
    AU-13Monitoring for Information Disclosure    STRIDE-LM
    (1)Use of Automated Tools    STRIDE-LM
    (2)Review of Monitored Sites    STRIDE-LM
    (3)Unauthorized Replication of Information    STRIDE-LM
    AU-14Session Audit    STRIDE-LM
    (1)System Start-up    STRIDE-LM
    (3)Remote Viewing and Listening    STRIDE-LM
    AU-16Cross-organizational Audit Logging    STRIDE-LM
    (1)Identity Preservation    STRIDE-LM