Navigate

AU-3 (2)

AU-3 (2): Centralized Management Of Planned Audit Record Content

The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components].

Supplemental

This control enhancement requires that the content to be captured in audit records be configured from a central location (necessitating automation). Organizations coordinate the selection of required audit content to support the centralized management and configuration capability provided by the information system.

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to AU-3 (2).

Control	Description
AU-6	The organization: AU-6a.: Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and AU-6b.: Reports findings to [Assignment: organization-defined personnel or roles].
AU-7	The information system provides an audit reduction and report generation capability that: AU-7a.: Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and AU-7b.: Does not alter the original content or time ordering of audit records.

Enhancements

The controls below (if any) add on to the requirements of AU-3 (2).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-3 (2).

CCI	Definition
CCI-001844	The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.
CCI-001845	The information system provides centralized configuration of the content to be captured in audit records generated by organization-defined information system components.
CCI-001846	The organization defines information system components that will generate the audit records which are to be captured for centralized management of the content.
CCI-001847	The organization defines information system components that will generate the audit records which are to be captured for centralized configuration of the content.