CCI-001887
CCI-001887 Definition
Status | |
Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed must employ information systems that provide the capability to search audit records for events of interest based on the content of audit fields within audit records as defined in AU-7 (2), CCI 1885. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1887.
Validation Procedures
The organization conducting the inspection/assessment examines the information system to ensure that the organization being inspected/assessed employs information systems that provide the capability to search audit records for events of interest based on the content of audit fields within audit records as defined in AU-7 (2), CCI 1885. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1887.
Compelling Evidence
1.) Signed and dated audit and accountability policy 2.) Example of audit log report based on events of interest