CCI-001872

The organization adjusts the level of audit review and analysis within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Implementation Guidance

The organization being inspected/assessed documents and implements a process for adjusting the level of audit review within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information (e.g., INFOCON).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and supporting records to ensure the organization being inspected/assessed adjusts the level of audit review within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Compelling Evidence

1.) Signed and dated policy with a section pertaining to changing level of audit review and analysis when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. 2.) Examples of organization adjustments of audit review, analysis, and reporting within the information system when there is a change in risk.

The controls below (if any) were marked by NIST as being related to CCI-001872.