AU-3: Content Of Audit Records
Control Family:
CSF v1.1 References:
PF v1.0 References:
Threats Addressed:
Next Version:
- NIST Special Publication 800-53 Revision 5:
- AU-3: Content of Audit Records
Control Statement
The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.
Supplemental Guidance
Audit record content that may be necessary to satisfy the requirement of this control includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).
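The following is an added example, not part of the control text: one way to check JSON-formatted audit records against the six elements named in the control statement. The field names, the allowed outcome values, and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Assumed mapping from the six AU-3 elements to JSON field names (hypothetical schema).
AU3_FIELDS = {
    "what": "event_type",
    "when": "timestamp",
    "where": "host",
    "source": "source_addr",
    "outcome": "outcome",
    "identity": "subject",
}
OUTCOMES = {"success", "failure"}  # assumed vocabulary


def au3_gaps(record):
    """Return the AU-3 elements that a parsed record fails to establish."""
    gaps = [element for element, field in AU3_FIELDS.items()
            if not isinstance(record.get(field), str) or not record[field].strip()]
    if "when" not in gaps:
        try:
            if datetime.fromisoformat(record["timestamp"]).tzinfo is None:
                gaps.append("when")  # no UTC offset, so the time is ambiguous
        except ValueError:
            gaps.append("when")  # present but not an ISO 8601 timestamp
    if "outcome" not in gaps and record["outcome"] not in OUTCOMES:
        gaps.append("outcome")  # present but not a success/fail indication
    return sorted(gaps)


def check_lines(lines):
    """Map 1-based line number to its gaps, for records that fall short."""
    report = {}
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
            if not isinstance(record, dict):
                raise ValueError("audit record is not a JSON object")
        except ValueError:  # json.JSONDecodeError is a ValueError
            report[number] = ["unparseable"]
            continue
        gaps = au3_gaps(record)
        if gaps:
            report[number] = gaps
    return report


# Constructed sample records (not taken from any real system).
SAMPLE = [
    '{"event_type": "login", "timestamp": "2024-05-01T12:00:00+00:00", "host": "app01", "source_addr": "192.0.2.10", "outcome": "success", "subject": "alice"}',
    '{"event_type": "file_read", "timestamp": "2024-05-01T12:00:05", "host": "app01", "source_addr": "192.0.2.10", "outcome": "failure"}',
    '{"event_type": "login", "timestamp": "2024-05-01T12:01:00+00:00", "host": "app02", "source_addr": " ", "outcome": "ok", "subject": "bob"}',
    "not json",
]
```

Running `check_lines(SAMPLE)` flags records 2 through 4 and passes record 1, which carries all six elements.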
Control Enhancements
AU-3(1): Additional Audit Information
Baseline(s):
- Moderate
- High
The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].
AU-3(2): Centralized Management Of Planned Audit Record Content
Baseline(s):
- High
The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components].