AU-3(1): Additional Audit Information

CSF v1.1 References:


  • Moderate
  • High

Next Version:

Control Statement

The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental Guidance

Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.