AU-6(7): Permitted Actions

Control Family:

Audit and Accountability

Parent Control:

AU-6: Audit Record Review, Analysis, and Reporting

CSF v1.1 References:

ID.SC-4
PR.PT-1
DE.AE-2
DE.AE-3
DE.DP-4
RS.AN-1
RS.CO-2

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AU-6(7): Permitted Actions

Control Statement

Specify the permitted actions for each [Assignment (one or more): system process, role, user] associated with the review, analysis, and reporting of audit record information.

Supplemental Guidance

Organizations specify permitted actions for system processes, roles, and users associated with the review, analysis, and reporting of audit records through system account management activities. Specifying permitted actions on audit record information is a way to enforce the principle of least privilege. Permitted actions are enforced by the system and include read, write, execute, append, and delete.