Navigate

CCI-001866

CCI-001866 Definition

Defines the data/information to be collected from other sources to enhance its ability to identify inappropriate or unusual activity.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if analysis of audit records is integrated with analysis of [AU-06(05)_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {vulnerability scanning information; performance data; system monitoring information; [AU-06(05)_ODP[02]; data/information collected from other sources to be analyzed is defined (if selected)}]] to further enhance the ability to identify inappropriate or unusual activity.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing audit review, analysis, and reporting; system design documentation; system configuration settings and associated documentation; integrated analysis of audit records, vulnerability scanning information, performance data, network monitoring information, and associated documentation; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit review, analysis, and reporting responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms implementing the capability to integrate analysis of audit records with analysis of data/information sources].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001866.

Control	Description
AU-6(5)	Integrate analysis of audit records with analysis of [one or more of "vulnerability scanning information"/"performance data"/"system monitoring information"/"{{ insert: param, au-06.05_odp.02 }} "] to further enhance the ability to identify inappropriate or unusual activity.