CCI-000148

Review and analyze system audit records on an organization-defined frequency for indications of organization-defined inappropriate or unusual activity.

Implementation Guidance

Determine if system audit records are reviewed and analyzed [AU-06_ODP[01]; frequency at which system audit records are reviewed and analyzed is defined] for indications of [AU-06_ODP[02]; inappropriate or unusual activity is defined] and the potential impact of the inappropriate or unusual activity.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing audit review, analysis, and reporting; reports of audit findings; records of actions taken in response to reviews/analyses of audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit review, analysis, and reporting responsibilities; organizational personnel with information security and privacy responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-000148.