Audit and Accountability (AU)
Store audit information on a component running a different operating system than the system or component being audited.
Audit and Accountability (AU)
Level N/A
Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed [Assignment: organization-defined actions to be covered by non-repudiation].
Audit and Accountability (AU)
(a) Bind the identity of the information producer with the information to [Assignment: organization-defined strength of binding]; and (b) Provide the means for authorized individuals to determine the identity of the producer of the information.
Audit and Accountability (AU)
(a) Validate the binding of the information producer identity to the information at [Assignment: organization-defined frequency]; and (b) Perform [Assignment: organization-defined actions] in the event of a validation error.
Audit and Accountability (AU)
Level N/A
Maintain reviewer or releaser credentials within the established chain of custody for information reviewed or released.
Audit and Accountability (AU)
(a) Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between [Assignment: organization-defined security domains]; and (b) Perform [Assignment: organization-defined actions] in the event of a validation error.
Audit and Accountability (AU)
[Withdrawn: Incorporated into AU-7(1).]
Audit and Accountability (AU)
Level N/A
Retain audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.
Audit and Accountability (AU)
Employ [Assignment: organization-defined measures] to ensure that long-term audit records generated by the system can be retrieved.
Audit and Accountability (AU)
Level N/A
a. Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components]; b. Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and c. Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.
