Navigate

AC-2 (4)

AC-2 (4): Automated Audit Actions

The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies [Assignment: organization-defined personnel or roles].

Supplemental

None

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-2 (4).

Control	Description
AU-2	The organization: AU-2a.: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events]; AU-2b.: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; AU-2c.: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and AU-2d.: Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
AU-12	The information system: AU-12a.: Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components]; AU-12b.: Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and AU-12c.: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Control

Description

AU-2

The organization:

AU-2a.: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events];

AU-2b.: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

AU-2c.: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and

AU-2d.: Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

AU-12

The information system:

AU-12a.: Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components];

AU-12b.: Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and

AU-12c.: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Enhancements

The controls below (if any) add on to the requirements of AC-2 (4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-2 (4).

CCI	Definition
CCI-000018	The information system automatically audits account creation actions.
CCI-001403	The information system automatically audits account modification actions.
CCI-001404	The information system automatically audits account disabling actions.
CCI-001405	The information system automatically audits account removal actions.
CCI-001683	The information system notifies organization-defined personnel or roles for account creation actions.
CCI-001684	The information system notifies organization-defined personnel or roles for account modification actions.
CCI-001685	The information system notifies organization-defined personnel or roles for account disabling actions.
CCI-001686	The information system notifies organization-defined personnel or roles for account removal actions.
CCI-002130	The information system automatically audits account enabling actions.
CCI-002131	The organization defines the personnel or roles to be notified on account creation, modification, enabling, disabling, and removal actions.
CCI-002132	The information system notifies organization-defined personnel or roles for account enabling actions.