Navigate

CCI-001484

CCI-001484 Definition

Defines the frequency of (or situation requiring) logging for each identified event.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - [AU-02_ODP[02]; the event types (subset of AU-02_ODP[01]) for logging within the system are defined] are specified for logging within the system. - the specified event types are logged within the system [AU-02_ODP[03]; the frequency or situation requiring logging for each specified event type is defined].

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing auditable events; system security plan; privacy plan; system design documentation; system configuration settings and associated documentation; system audit records; system auditable events; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing system auditing].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001484.

Control	Description
AU-2	a: Identify the types of events that the system is capable of logging in support of the audit function: [the event types that the system is capable of logging in support of the audit function are defined;]; b: Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged; c: Specify the following event types for logging within the system: [one of ]; d: Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and e: Review and update the event types selected for logging [the frequency of event types selected for logging are reviewed and updated;].

Control

Description

AU-2

a: Identify the types of events that the system is capable of logging in support of the audit function: [the event types that the system is capable of logging in support of the audit function are defined;];

b: Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

c: Specify the following event types for logging within the system: [one of ];

d: Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

e: Review and update the event types selected for logging [the frequency of event types selected for logging are reviewed and updated;].