AU-5(2): Real-time Alerts

Control Family:

Audit and Accountability

Parent Control:

AU-5: Response to Audit Logging Process Failures

Threats Addressed:

Denial of Service

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
AU-5(2): Real-Time Alerts

Control Statement

Provide an alert within [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit logging failure events requiring real-time alerts].

Supplemental Guidance

Alerts provide organizations with urgent messages. Real-time alerts provide these messages at information technology speed (i.e., the time from event detection to alert occurs in seconds or less).