Navigate

CCI-000134

CCI-000134 Definition

Ensure that audit records containing information that establishes the outcome of the event.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if audit records contain information that establishes the outcome of the event.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing content of audit records; system design documentation; system configuration settings and associated documentation; list of organization-defined auditable events; system audit records; system incident reports; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing system auditing of auditable events].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000134.

Control	Description
AU-3	Ensure that audit records contain information that establishes the following: a: What type of event occurred; b: When the event occurred; c: Where the event occurred; d: Source of the event; e: Outcome of the event; and f: Identity of any individuals, subjects, or objects/entities associated with the event.