Navigate

AC-2(4)

AC-2(4): Automated Audit Actions

The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies [organization-defined personnel or roles].

Supplemental

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AC-2(4).

Control	Description
AU-2	The organization: a: Determines that the information system is capable of auditing the following events: [organization-defined auditable events]; b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and d: Determines that the following events are to be audited within the information system: [organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
AU-12	The information system: a: Provides audit record generation capability for the auditable events defined in AU-2 a. at [organization-defined information system components]; b: Allows [organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and c: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Control

Description

AU-2

The organization:

a: Determines that the information system is capable of auditing the following events: [organization-defined auditable events];

b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and

d: Determines that the following events are to be audited within the information system: [organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

AU-12

The information system:

a: Provides audit record generation capability for the auditable events defined in AU-2 a. at [organization-defined information system components];

b: Allows [organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and

c: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Enhancements

The controls below (if any) add on to the requirements of AC-2(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-2(4).

CCI	Definition
CCI-000018	Automatically audit account creation actions.
CCI-001403	Automatically audit account modification actions.
CCI-001404	Automatically audit account disabling actions.
CCI-001405	Automatically audit account removal actions.
CCI-001683	The information system notifies organization-defined personnel or roles for account creation actions.
CCI-001684	The information system notifies organization-defined personnel or roles for account modification actions.
CCI-001685	The information system notifies organization-defined personnel or roles for account disabling actions.
CCI-001686	The information system notifies organization-defined personnel or roles for account removal actions.
CCI-002130	Automatically audit account enabling actions.
CCI-002131	The organization defines the personnel or roles to be notified on account creation, modification, enabling, disabling, and removal actions.
CCI-002132	The information system notifies organization-defined personnel or roles for account enabling actions.