Navigate

CCI-000173

CCI-000173 Definition

Defines the level of tolerance for relationship between time stamps of individual records in the audit trail that will be used for correlation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will define and document their level of tolerance for variation in the time stamps applied to the audit data generated by the organization's information systems. DoD has determined that the level of tolerance is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment reviews the organization's audit and accountability policy and procedures addressing audit record generation and retention; information system audit configuration settings and associated documentation; information system audit records; and any other relevant documents or records. The objective is to validate the organization has defined and documented its level of tolerance for variation in the time stamps applied to the audit data generated by the organization's information systems. DoD has determined that the level of tolerance is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Applicable STIG/SRG checks

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000173.

Control	Description
AU-12(1)	The information system compiles audit records from [organization-defined information system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail].