03.03.03: Audit Record Generation

Control Family: Audit and Accountability

SPRS: N/A

Top Ten Failed Requirement: N/A

Supporting Publications:

  • SP 800-92 [35]

Referenced in: N/A

Control Type: N/A

CPCSC Level 2: 03.03.03

CMMC Level(s): N/A

Derived From: NIST SP 800-53r5

  • AU-11

  • AU-12

a. Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02.

b. Retain audit records for a time period consistent with the records retention policy.

Discussion:

Audit records can be generated at various levels of abstraction, including at the packet level as information traverses the network. Selecting the appropriate level of abstraction is a critical aspect of an audit logging capability and can facilitate the identification of root causes to problems. The ability to add information generated in audit records is dependent on system functionality to configure the audit record content. Organizations may consider additional information in audit records, including the access control or flow control rules invoked and the individual identities of group account users. Organizations may also consider limiting additional audit record information to only information that is explicitly needed for audit requirements.

Assessment Methods and Objectives

Examine [SELECT FROM: audit and accountability policy and procedures; procedures for audit record generation; system design documentation; list of auditable events; system audit records; audit record retention policy and procedures; organization-defined retention period for audit records; audit record archives; system configuration settings; system security plan; other relevant documents or records]

Interview [SELECT FROM: personnel with audit record generation responsibilities; personnel with audit record retention responsibilities; personnel with information security responsibilities; system developers; system administrators]

Test [SELECT FROM: mechanisms for implementing the audit record generation capability]

NIST SP 800-171A r3 Determining Statements

Determine if:

A.03.03.03.a: audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02 are generated.

A.03.03.03.b: audit records are retained for a time period consistent with the records retention policy.