Navigate

CCI-001868

CCI-001868 Definition

Specify the permitted actions for each information system process, role, and/or user associated with the review and analysis of audit information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the permitted actions for each [AU-06(07)_ODP; one or more of the following PARAMETER VALUES is/are selected: {system process; role; user}] associated with the review, analysis, and reporting of audit record information are specified.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing process, role and/or user permitted actions from audit review, analysis, and reporting; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit review, analysis, and reporting responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms supporting permitted actions for the review, analysis, and reporting of audit information].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001868.

Control	Description
AU-6(7)	Specify the permitted actions for each [one or more of "system process"/"role"/"user"] associated with the review, analysis, and reporting of audit record information.