Navigate

CCI-002047

CCI-002047 Definition

The organization defines the information system components on which the auditing that is to be performed can be changed by organization-defined individuals or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the information system components on which the auditing that is to be performed can be changed by individuals or roles defined in AU-12 (3), CCI 1913. DoD has determined the information system components are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information system components to ensure the organization being inspected/assessed has defined the information system components on which the auditing that is to be performed can be changed by the individuals or roles defined in AU-12 (3), CCI 1913. DoD has determined the information system components are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated audit and accountability policy, referencing section which defines the information system components on which the auditing that is to be performed can be changed 2.) Applicable STIG/SRG checks

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002047.

Control	Description
AU-12 (3)	The information system provides the capability for [Assignment: organization-defined individuals or roles] to change the auditing to be performed on [Assignment: organization-defined information system components] based on [Assignment: organization-defined selectable event criteria] within [Assignment: organization-defined time thresholds].