AU-14: Session Audit
Control Family:
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
Baselines:
- Low
N/A
- Moderate
N/A
- High
N/A
Next Version:
- NIST Special Publication 800-53 Revision 5:
- AU-14: Session Audit
Control Statement
The information system provides the capability for authorized users to select a user session to capture/record or view/hear.
Supplemental Guidance
Session audits include, for example, monitoring keystrokes, tracking websites visited, and recording information and/or file transfers. Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, or standards.
Control Enhancements
AU-14(1): System Start-Up
Baseline(s):
The information system initiates session audits at system start-up.
AU-14(2): Capture/Record And Log Content
Baseline(s):
The information system provides the capability for authorized users to capture/record and log content related to a user session.
AU-14(3): Remote Viewing / Listening
Baseline(s):
The information system provides the capability for authorized users to remotely view/hear all content related to an established user session in real time.