Navigate

CCI-001868

CCI-001868 Definition

The organization specifies the permitted actions for each information system process, role, and/or user associated with the review and analysis of audit information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed specifies and documents the permitted actions for each information system process, role, and/or user associated with the review and analysis of audit information.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented permitted actions to ensure the organization being inspected/assessed specifies the permitted actions for each information system process, role, and/or user associated with the review and analysis of audit information.

Compelling Evidence

1.) Documentation that specifies the permitted actions for each information system process, role, and/or user associated with the review and analysis of audit information 2.) Signed and dated audit and accountability policy

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001868.

Control	Description
AU-6 (7)	The organization specifies the permitted actions for each [Selection (one or more): information system process; role; user] associated with the review, analysis, and reporting of audit information.