Navigate

CCI-003818

CCI-003818 Definition

Adjust the level of audit review and analysis within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the level of audit record review, analysis, and reporting within the system is adjusted when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing audit review, analysis, and reporting; reports of audit findings; records of actions taken in response to reviews/analyses of audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit review, analysis, and reporting responsibilities; organizational personnel with information security and privacy responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003818.

Control	Description
AU-6	a: Review and analyze system audit records [frequency at which system audit records are reviewed and analyzed is defined;] for indications of [inappropriate or unusual activity is defined;] and the potential impact of the inappropriate or unusual activity; b: Report findings to [personnel or roles to receive findings from reviews and analyses of system records is/are defined;] ; and c: Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

Control

Description

AU-6

a: Review and analyze system audit records [frequency at which system audit records are reviewed and analyzed is defined;] for indications of [inappropriate or unusual activity is defined;] and the potential impact of the inappropriate or unusual activity;

b: Report findings to [personnel or roles to receive findings from reviews and analyses of system records is/are defined;] ; and

c: Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.