AU.L2-3.3.5 Audit Correlation

Control Description

Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • How do you govern the audit correlation and analysis process?
  • Who is responsible for performing audit record correlation and analysis?
  • What is your process for investigating suspicious activities identified through correlation?
  • How do you ensure timely review and response to correlated audit findings?

Technical Implementation:

  • What SIEM or log analysis tools correlate audit records?
  • How do you aggregate logs from multiple sources for correlation?
  • What correlation rules detect suspicious patterns?
  • What technologies enable cross-system audit analysis?
  • How do you visualize correlated audit data?

Evidence & Documentation:

  • What audit logging configuration documentation can you provide?
  • What sample audit logs demonstrate required events are logged?
  • What audit log review documentation shows periodic review?
  • What SIEM screenshots show audit log aggregation and analysis?
  • What audit retention documentation shows logs are retained per policy?
  • What evidence shows audit logs are protected from modification?
