CCI-000158

The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.

Implementation Guidance

The organization being inspected/assessed must employ information systems that provide the capability to process audit records for events of interest based on audit fields within audit records defined in AU-7 (1), CCI 1883. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 158.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure that the organization being inspected/assessed employs information systems that provides the capability to process audit records for events of interest based on audit fields within audit records as defined in AU-7 (1), CCI 1883. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 158.

Compelling Evidence

1.) Example of audit log report based on events of interest

The controls below (if any) were marked by NIST as being related to CCI-000158.