AC-2(4)

AC-2(4): Automated Audit Actions

The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies [one of ].

Overlays
None

CSF Categories
None

The controls below (if any) were marked by NIST as being related to AC-2(4).

Control	Description
AU-2	The organization: a: Determines that the information system is capable of auditing the following events: [one of ]; b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and d: Determines that the following events are to be audited within the information system: [one of ].
AU-12	The information system: a: Provides audit record generation capability for the auditable events defined in AU-2 a. at [one of ]; b: Allows [one of ] to select which auditable events are to be audited by specific components of the information system; and c: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Control

Description

a: Determines that the information system is capable of auditing the following events: [one of ];

b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and

d: Determines that the following events are to be audited within the information system: [one of ].

a: Provides audit record generation capability for the auditable events defined in AU-2 a. at [one of ];

b: Allows [one of ] to select which auditable events are to be audited by specific components of the information system; and

c: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

The controls below (if any) add on to the requirements of AC-2(4).

Control	Description
No controls

The CCIs below are tied to AC-2(4).

CCI	Definition
CCI-000018	Automatically audit account creation actions.
CCI-001403	Automatically audit account modification actions.
CCI-001404	Automatically audit account disabling actions.
CCI-001405	Automatically audit account removal actions.
CCI-001683	The information system notifies organization-defined personnel or roles for account creation actions.
CCI-001684	The information system notifies organization-defined personnel or roles for account modification actions.
CCI-001685	The information system notifies organization-defined personnel or roles for account disabling actions.
CCI-001686	The information system notifies organization-defined personnel or roles for account removal actions.
CCI-002130	Automatically audit account enabling actions.
CCI-002131	The organization defines the personnel or roles to be notified on account creation, modification, enabling, disabling, and removal actions.
CCI-002132	The information system notifies organization-defined personnel or roles for account enabling actions.