Navigate

CCI-001850

CCI-001850 Definition

Defines the frequency to off-load audit records onto a different system or media than the system being audited.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if audit logs are transferred [AU-04(01)_ODP; the frequency of audit logs transferred to a different system, system component, or media other than the system or system component conducting the logging is defined] to a different system, system component, or media other than the system or system component conducting the logging.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing audit storage capacity; procedures addressing transfer of system audit records to secondary or alternate systems; system design documentation; system configuration settings and associated documentation; logs of audit record transfers to secondary or alternate systems; system audit records transferred to secondary or alternate systems; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit storage capacity planning responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting the transfer of audit records onto a different system].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001850.

Control	Description
AU-4(1)	Transfer audit logs [the frequency of audit logs transferred to a different system, system component, or media other than the system or system component conducting the logging is defined;] to a different system, system component, or media other than the system or system component conducting the logging.