AU-7(2): Automatic Sort And Search

Control Family:

Audit And Accountability

Parent Control:

AU-7: Audit Reduction And Report Generation

Priority:

P2: Implement P2 security controls after implementation of P1 controls.

CSF v1.1 References:

PR.PT-1
RS.AN-3

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: AU-7(1): Automatic Processing.

Control Statement

The information system provides the capability to sort and search audit records for events of interest based on the content of [Assignment: organization-defined audit fields within audit records].

Supplemental Guidance

Sorting and searching of audit records may be based upon the contents of audit record fields, for example: (i) date/time of events; (ii) user identifiers; (iii) Internet Protocol (IP) addresses involved in the event; (iv) type of event; or (v) event success/failure.