CCI-000127

The organization reviews and updates the list of organization-defined audited events on an organization-defined frequency.

Implementation Guidance

The organization being inspected/assessed will conduct reviews of the list of auditable events as defined in AU-2 (d), CCI 1485 annually or more frequently upon changes to situational awareness of threats or vulnerabilities. The organization will generate and maintain an audit trail to document the completion of the review and update actions. DoD has defined the frequency as annually or more frequently upon changes to situational awareness of threats or vulnerabilities.

Validation Procedures

The organization conducting the inspection/assessment reviews the audit trail showing reviews and updates to the list of audited events to ensure that the list is reviewed and updated annually or more frequently upon changes to situational awareness of threats or vulnerabilities. DoD has defined the frequency as annually or more frequently upon changes to situational awareness of threats or vulnerabilities.

Compelling Evidence

1.) Documentation of reviews of the list of auditable events

The controls below (if any) were marked by NIST as being related to CCI-000127.