CCI-001870

Perform a full-text analysis of logged privileged commands in a physically-distinct component or subsystem of the system, or other system that is dedicated to that analysis.

Implementation Guidance

Determine if a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system or other system that is dedicated to that analysis is performed.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing audit review, analysis, and reporting; system design documentation; system configuration settings and associated documentation; text analysis tools and techniques; text analysis documentation of audited privileged commands; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit review, analysis, and reporting responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms implementing the capability to perform a full text analysis of audited privilege commands].

The controls below (if any) were marked by NIST as being related to CCI-001870.