Navigate

CCI-000135

CCI-000135 Definition

Generate audit records containing the organization-defined additional information that is to be included in the audit records.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if generated audit records contain the following [AU-03(01)_ODP; additional information to be included in audit records is defined].

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing content of audit records; system security plan; privacy plan; system design documentation; system configuration settings and associated documentation; list of organization-defined auditable events; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: system audit capability].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000135.

Control	Description
AU-3(1)	Generate audit records containing the following additional information: [additional information to be included in audit records is defined;].