AU-16: Cross-organizational Audit Logging
Control Family:
CSF v1.1 References:
Threats Addressed:
Baselines:
- Low: N/A
- Moderate: N/A
- High: N/A
- Privacy: N/A
Previous Version:
- NIST Special Publication 800-53 Revision 4: AU-16: Cross-Organizational Auditing
Control Statement
Employ [Assignment: organization-defined methods] for coordinating [Assignment: organization-defined audit information] among external organizations when audit information is transmitted across organizational boundaries.
Supplemental Guidance
When organizations use systems or services of external organizations, the audit logging capability necessitates a coordinated, cross-organization approach. For example, maintaining the identity of individuals who request specific services across organizational boundaries may often be difficult, and doing so may prove to have significant performance and privacy ramifications. Therefore, it is often the case that cross-organizational audit logging simply captures the identity of individuals who issue requests at the initial system, and subsequent systems record that the requests originated from authorized individuals. Organizations consider including processes for coordinating audit information requirements and protection of audit information in information exchange agreements.
Control Enhancements
AU-16(1): Identity Preservation
Baseline(s):
Preserve the identity of individuals in cross-organizational audit trails.
AU-16(2): Sharing of Audit Information
Baseline(s):
Provide cross-organizational audit information to [Assignment: organization-defined organizations] based on [Assignment: organization-defined cross-organizational sharing agreements].
AU-16(3): Disassociability
Baseline(s):
Implement [Assignment: organization-defined measures] to disassociate individuals from audit information transmitted across organizational boundaries.