Audit and Accountability (AU)
Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system, or other system that is dedicated to that analysis.
Audit and Accountability (AU)
Correlate information from nontechnical sources with audit record information to enhance organization-wide situational awareness.
Audit and Accountability (AU)
Level N/A
[Withdrawn: Incorporated into AC-6(9).]
Audit and Accountability (AU)
Provide and implement an audit record reduction and report generation capability that: a. Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and b. Does not alter the original content or time ordering of audit records.
Audit and Accountability (AU)
Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: [Assignment: organization-defined fields within audit records].
Audit and Accountability (AU)
[Withdrawn: Incorporated into PL-9.]
Audit and Accountability (AU)
Level N/A
a. Use internal system clocks to generate time stamps for audit records; and b. Record time stamps for audit records that meet [Assignment: organization-defined granularity of time measurement] and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.
Audit and Accountability (AU)
[Withdrawn: Incorporated into AU-6.]
Audit and Accountability (AU)
[Withdrawn: Incorporated into SI-4.]
Audit and Accountability (AU)
Level N/A
a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b. Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.
