AU-12-727 Audit Generation

Audit Generation

Control ID

AU-12-727

Control Name

Audit Generation

Control Category

Audit and Accountability

Functional Areas

Protect

Sub-Areas

Media, Security Monitoring and Event Analysis

NIST Baseline Level(s)

LOW, MOD, HIGH

NIST Priority

State Implementation Required

Yes

Agency Last Implemented Date

August 18, 2016

Agency Implementation

All mission-critical and sensitive Agency information resources shall adopt Center for Internet Security (CIS) Benchmarks Level I standards for audit generation policies where possible. In the event a benchmark is not available, each information resource shall generate audit records for all process-related and user-related security events, as a minimum.

Risk Statement

Failure to plan and execute IT audit activities may result in potential compromise of critical business processes and sensitive data to go undetected.

Control Description

The information system: a. Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components]; b. Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and c. Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Control Example

The organization defines auditable events per application/operating system.

State Implementation

State organizations shall configure information systems to generate audit records to support AU-2 and AU-3.

Testing Procedures

Obtain audit and accountability policy; procedures addressing audit record generation; security plan; information system design documentation; information system configuration settings and associated documentation; information system audit records; other relevant documents or records and ascertain if : (I) the organization defines the information system components that provide audit record generation capability for the list of auditable events defined in AU-2; (ii) the information system provides audit record generation capability, at organization-defined information system components, for the list of auditable events defined in AU-2; (iii) the information system allows designated organizational personnel to select which auditable events are to be audited by specific components of the system; and (iv) the information system generates audit records for the list of audited events defined in AU-2 with the content as defined in AU-3.