Navigate

SI-7 (8)

SI-7 (8): Auditing Capability For Significant Events

The information system, upon detection of a potential integrity violation, provides the capability to audit the event and initiates the following actions: [Selection (one or more): generates an audit record; alerts current user; alerts [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined other actions]].

Supplemental

Organizations select response actions based on types of software, specific software, or information for which there are potential integrity violations.

CIA Levels
Confidentiality	unknown
Integrity	moderate
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-7 (8).

Control	Description
AU-2	The organization: AU-2a.: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events]; AU-2b.: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; AU-2c.: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and AU-2d.: Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
AU-6	The organization: AU-6a.: Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and AU-6b.: Reports findings to [Assignment: organization-defined personnel or roles].
AU-12	The information system: AU-12a.: Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components]; AU-12b.: Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and AU-12c.: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Enhancements

The controls below (if any) add on to the requirements of SI-7 (8).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-7 (8).

CCI	Definition
CCI-002721	The organization defines the personnel or roles that are to be alerted by the information system when it detects a potential integrity violation.
CCI-002722	The organization defines other actions that can be taken when the information system detects a potential integrity violation.
CCI-002723	The information system, upon detection of a potential integrity violation, provides the capability to audit the event.
CCI-002724	The information system, upon detection of a potential integrity violation, initiates one or more of the following actions: generates an audit record; alerts the current user; alerts organization-defined personnel or roles; and/or organization-defined other actions.