AU-12: Audit Record Generation
Control Family:
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- AU-12: Audit Generation
Control Statement
- Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components];
- Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and
- Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.
Supplemental Guidance
Audit records can be generated from many different system components. The event types specified in AU-2d are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.
Control Enhancements
AU-12(1): System-wide and Time-correlated Audit Trail
Baseline(s):
- High
Compile audit records from [Assignment: organization-defined system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail].
AU-12(2): Standardized Formats
Baseline(s):
Produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
AU-12(3): Changes by Authorized Individuals
Baseline(s):
- High
Provide and implement the capability for [Assignment: organization-defined individuals or roles] to change the logging to be performed on [Assignment: organization-defined system components] based on [Assignment: organization-defined selectable event criteria] within [Assignment: organization-defined time thresholds].
AU-12(4): Query Parameter Audits of Personally Identifiable Information
Baseline(s):
Provide and implement the capability for auditing the parameters of user query events for data sets containing personally identifiable information.