AU-12: Audit Record Generation

CSF v1.1 References:

PF v1.0 References:

Baselines:

  • Low
    • AU-12
  • Moderate
    • AU-12
  • High
  • Privacy

    N/A

Previous Version:

Control Statement

  1. Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components];
  2. Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and
  3. Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

Supplemental Guidance

Audit records can be generated from many different system components. The event types specified in AU-2d are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.

Control Enhancements

AU-12(1): System-wide and Time-correlated Audit Trail

Baseline(s):

  • High

Compile audit records from [Assignment: organization-defined system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail].

AU-12(2): Standardized Formats

Baseline(s):

(Not part of any baseline)

Produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format.

AU-12(3): Changes by Authorized Individuals

Baseline(s):

  • High

Provide and implement the capability for [Assignment: organization-defined individuals or roles] to change the logging to be performed on [Assignment: organization-defined system components] based on [Assignment: organization-defined selectable event criteria] within [Assignment: organization-defined time thresholds].