Audit and Accountability (AU)
Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.
Audit and Accountability (AU)
Integrate analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity.
Audit and Accountability (AU)
Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.
Audit and Accountability (AU)
Specify the permitted actions for each [Selection (one or more): system process; role; user] associated with the review, analysis, and reporting of audit record information.
Audit and Accountability (AU)
Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system, or other system that is dedicated to that analysis.
Audit and Accountability (AU)
Correlate information from nontechnical sources with audit record information to enhance organization-wide situational awareness.
Audit and Accountability (AU)
Level N/A
[Withdrawn: Incorporated into AC-6(9).]
Audit and Accountability (AU)
Provide and implement an audit record reduction and report generation capability that: a. Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and b. Does not alter the original content or time ordering of audit records.
Audit and Accountability (AU)
Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: [Assignment: organization-defined fields within audit records].
Audit and Accountability (AU)
[Withdrawn: Incorporated into PL-9.]
