Navigate

CCI-003811

CCI-003811 Definition

Defines the frequency at which the event types selected for logging will be reviewed and updated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the event types selected for logging are reviewed and updated [AU-02_ODP[04]; the frequency of event types selected for logging are reviewed and updated].

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; procedures addressing auditable events; system security plan; privacy plan; system design documentation; system configuration settings and associated documentation; system audit records; system auditable events; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms implementing system auditing].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003811.

Control	Description
AU-2	a: Identify the types of events that the system is capable of logging in support of the audit function: [the event types that the system is capable of logging in support of the audit function are defined;]; b: Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged; c: Specify the following event types for logging within the system: [one of ]; d: Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and e: Review and update the event types selected for logging [the frequency of event types selected for logging are reviewed and updated;].

Control

Description

AU-2

a: Identify the types of events that the system is capable of logging in support of the audit function: [the event types that the system is capable of logging in support of the audit function are defined;];

b: Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

c: Specify the following event types for logging within the system: [one of ];

d: Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

e: Review and update the event types selected for logging [the frequency of event types selected for logging are reviewed and updated;].