CCI-001874

The organization adjusts the level of audit reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Implementation Guidance

The organization being inspected/assessed documents and implements a process for adjusting the level of audit reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information (e.g., INFOCON).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and supporting records to ensure the organization being inspected/assessed adjusts the level of audit reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Compelling Evidence

1.) A policy with a section pertaining to changing level of audit reporting when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information. 2.) Examples of organization adjustments of audit review, analysis, and reporting within the information system when there is a change in risk.

The controls below (if any) were marked by NIST as being related to CCI-001874.