AU-6(7): Permitted Actions

Control Family:

Audit And Accountability

Parent Control:

AU-6: Audit Review, Analysis, And Reporting

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-6(7): Permitted Actions

Control Statement

The organization specifies the permitted actions for each [Selection (one or more): information system process; role; user] associated with the review, analysis, and reporting of audit information.

Supplemental Guidance

Organizations specify permitted actions for information system processes, roles, and/or users associated with the review, analysis, and reporting of audit records through account management techniques. Specifying permitted actions on audit information is a way to enforce the principle of least privilege. Permitted actions are enforced by the information system and include, for example, read, write, execute, append, and delete.