Navigate

AU-7 (1)

AU-7 (1): Automatic Processing

The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records].

Supplemental

Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component.

CIA Levels
Confidentiality	moderate
Integrity	moderate
Availability	unknown

Overlays
Int-A, Int-B, Int-C, Privacy (High), Privacy (Mod), Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to AU-7 (1).

Control	Description
AU-2	The organization: AU-2a.: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events]; AU-2b.: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; AU-2c.: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and AU-2d.: Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
AU-12	The information system: AU-12a.: Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components]; AU-12b.: Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and AU-12c.: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Control

Description

AU-2

The organization:

AU-2a.: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events];

AU-2b.: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

AU-2c.: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and

AU-2d.: Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

AU-12

The information system:

AU-12a.: Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components];

AU-12b.: Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and

AU-12c.: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Enhancements

The controls below (if any) add on to the requirements of AU-7 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-7 (1).

CCI	Definition
CCI-000158	The information system provides the capability to process audit records for events of interest based on organization-defined audit fields within audit records.
CCI-001883	The organization defines the audit fields within audit records to be processed for events of interest by the information system.