SI-7(8): Auditing Capability for Significant Events

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Previous Version:

Control Statement

Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: [Assignment (one or more): generate an audit record, alert current user, alert [Assignment: organization-defined personnel or roles] , [Assignment: organization-defined other actions] ].

Supplemental Guidance

Organizations select response actions based on types of software, specific software, or information for which there are potential integrity violations.