Navigate

CCI-001870

CCI-001870 Definition

The organization performs a full-text analysis of audited privileged commands in a physically-distinct component or subsystem of the information system, or other information system that is dedicated to that analysis.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to perform a full-text analysis of audited privileged commands in a physically-distinct component or subsystem of the information system, or other information system that is dedicated to that analysis.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and supporting records (e.g., analysis results) to ensure the organization being inspected/assessed performs a full-text analysis of audited privileged commands in a physically-distinct component or subsystem of the information system, or other information system that is dedicated to that analysis.

Compelling Evidence

1.) Example of a full text analysis of audited privilege commands and dedicated information system 2.) Signed and dated audit and accountability policy

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001870.

Control	Description
AU-6 (8)	The organization performs a full text analysis of audited privileged commands in a physically distinct component or subsystem of the information system, or other information system that is dedicated to that analysis.