AU-16: Cross-Organizational Auditing

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Baselines:

  • Low

    N/A

  • Moderate

    N/A

  • High

    N/A

Next Version:

Control Statement

The organization employs [Assignment: organization-defined methods] for coordinating [Assignment: organization-defined audit information] among external organizations when audit information is transmitted across organizational boundaries.

Supplemental Guidance

When organizations use information systems and/or services of external organizations, the auditing capability necessitates a coordinated approach across organizations. For example, maintaining the identity of individuals that requested particular services across organizational boundaries may often be very difficult, and doing so may prove to have significant performance ramifications. Therefore, it is often the case that cross-organizational auditing (e.g., the type of auditing capability provided by service-oriented architectures) simply captures the identity of individuals issuing requests at the initial information system, and subsequent systems record that the requests emanated from authorized individuals.

Control Enhancements

AU-16(1): Identity Preservation

Baseline(s):

(Not part of any baseline)

The organization requires that the identity of individuals be preserved in cross-organizational audit trails.

AU-16(2): Sharing Of Audit Information

Baseline(s):

(Not part of any baseline)

The organization provides cross-organizational audit information to [Assignment: organization-defined organizations] based on [Assignment: organization-defined cross-organizational sharing agreements].