AU.L2-3.3.2—User Accountability
Level 2
800-171: 3.3.2
>Control Description
Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for individual user accountability?
- How do you govern the use of shared accounts (if any)?
- What procedures ensure users can be uniquely identified in audit logs?
- How do you handle service accounts while maintaining accountability?
Technical Implementation:
- How do you technically ensure each user has a unique identifier?
- What mechanisms link user actions to individual accounts in audit logs?
- How do you prevent users from sharing credentials or using generic accounts?
- What technical controls enforce individual user accountability?
- How are user identities tied to audit log entries?
Evidence & Documentation:
- What audit logging configuration documentation can you provide?
- What sample audit logs demonstrate required events are logged?
- What audit log review documentation shows periodic review?
- What SIEM screenshots show audit log aggregation and analysis?
- What audit retention documentation shows logs are retained per policy?
- What evidence shows audit logs are protected from modification?
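As an added illustration of the technical and evidence questions above (example code written for this page, not part of the control text or any assessment guide), the following Python check reviews audit records for the three conditions that break unique traceability: a record with no user identifier, a record attributed to a generic or shared account, and a service-account record that does not name the user or owner on whose behalf it acted. The log format, account-name conventions and sample records are all constructed assumptions.

```python
"""Flag audit records that cannot be traced to one accountable user (added example)."""
import re

# Constructed sample audit records in key=value form, not taken from any real system.
SAMPLE_LOG = """\
ts=2024-05-01T10:00:01Z user=jdoe action=login src=10.0.0.5 result=success
ts=2024-05-01T10:02:11Z user=admin action=config_change src=10.0.0.5 result=success
ts=2024-05-01T10:03:40Z user=svc_backup action=file_read src=10.0.0.9 on_behalf_of=asmith
ts=2024-05-01T10:05:02Z user=svc_backup action=file_delete src=10.0.0.9 result=success
ts=2024-05-01T10:06:15Z action=privilege_change src=10.0.0.7 result=success
ts=2024-05-01T10:07:30Z user=shared-helpdesk action=password_reset src=10.0.0.12 result=success
"""

# Assumed account classes. In practice these come from the organisation's own
# account inventory rather than a hard-coded list.
GENERIC_ACCOUNTS = {"admin", "root", "guest"}
SHARED_PREFIXES = ("shared-",)
SERVICE_PREFIXES = ("svc_",)

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Turn one key=value audit line into a dict of fields."""
    return dict(FIELD.findall(line))


def accountability_findings(log_text):
    """Return (finding_code, record) pairs for records that do not identify a
    single accountable user; records that pass produce no finding."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        user = rec.get("user")
        if user is None:
            findings.append(("NO_USER_ID", rec))
        elif user in GENERIC_ACCOUNTS or user.startswith(SHARED_PREFIXES):
            findings.append(("SHARED_OR_GENERIC_ACCOUNT", rec))
        elif user.startswith(SERVICE_PREFIXES) and "on_behalf_of" not in rec:
            # A service account is traceable only if the record still names
            # the human or owning process that initiated the action.
            findings.append(("SERVICE_ACCOUNT_WITHOUT_OWNER", rec))
    return findings


if __name__ == "__main__":
    for code, rec in accountability_findings(SAMPLE_LOG):
        print(f"{code:30} ts={rec['ts']} user={rec.get('user', '-')} action={rec['action']}")
```

Run against exported audit logs, the list of findings is the kind of evidence an assessor would expect to see reviewed, and an empty list for a sample period supports the claim that every action maps to one user.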