Navigate

AU-16 (2)

AU-16 (2): Sharing Of Audit Information

The organization provides cross-organizational audit information to [Assignment: organization-defined organizations] based on [Assignment: organization-defined cross-organizational sharing agreements].

Supplemental

Because of the distributed nature of the audit information, cross-organization sharing of audit information may be essential for effective analysis of the auditing being performed. For example, the audit records of one organization may not provide sufficient information to determine the appropriate or inappropriate use of organizational information resources by individuals in other organizations. In some instances, only the home organizations of individuals have the appropriate knowledge to make such determinations, thus requiring the sharing of audit information among organizations.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Classified, Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), Int-A, Int-B, Int-C, Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to AU-16 (2).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of AU-16 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-16 (2).

CCI	Definition
CCI-001927	The organization defines the organizations that will be provided cross-organizational audit information.
CCI-001928	The organization defines the cross-organizational sharing agreements to be established with organization-defined organizations authorized to be provided cross-organizational sharing of audit information.
CCI-001929	The organization provides cross-organizational audit information to organization-defined organizations based on organization-defined cross organizational sharing agreements.