Navigate

CCI-001857

CCI-001857 Definition

The organization defines the personnel, roles, and/or locations to receive alerts when organization-defined audit failure events occur.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents any personnel or roles, in addition to the SCA and ISSO, who shall receive alerts when all audit failure events occur. If there are no additional personnel or roles, the organization must also document that. DoD has defined the personnel or roles as at a minimum, the SCA and ISSO. DoD has defined the audit failure events as all.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of personnel or roles who should receive alerts when all audit failure events occur to ensure the organization being inspected/assessed has either defined additional personnel or roles, or identified that there are no additional personnel or roles. DoD has defined the audit failure events as all.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) List of personnel who receive indications of organization-defined inappropriate or unusual activity

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001857.

Control	Description
AU-5 (2)	The information system provides an alert in [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts].