>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU-6(1)Audit Record Review, Analysis, and Reporting | Automated Process Integration

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Integrate audit record review, analysis, and reporting processes using organization-defined automated mechanisms.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Organizational processes that benefit from integrated audit record review, analysis, and reporting include incident response, continuous monitoring, contingency planning, investigation and response to suspicious activities, and Inspector General audits.

>Programmatic Queries

Beta

Related Services

AWS CloudTrail
EventBridge
Lambda

CLI Commands

Create EventBridge rule to automatically trigger audit review Lambda functions
aws events put-rule --name audit-review-rule --schedule-expression 'cron(0 */4 * * ? *)' --state ENABLED
Add Lambda function as target for automated audit log processing and review
aws events put-targets --rule audit-review-rule --targets 'Id=1,Arn=arn:aws:lambda:us-east-1:123456789012:function:audit-review-function'
Create SNS topic for automated audit review notifications
aws sns create-topic --name audit-review-notifications
Setup CloudWatch Logs Insights queries for continuous automated log analysis
aws logs start-query --log-group-name /aws/cloudtrail/audit-logs --start-time 1609459200 --end-time 1609545600 --query-string 'fields @timestamp, eventName | stats count() by eventName'
Open AWS ConsoleDocumentation

>Related Controls

PM-7

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-6(1) (Automated Process Integration)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-6(1)?
  • How frequently is the AU-6(1) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-6(1)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-6(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-6(1)?
  • How is AU-6(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-6(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-6(1)?
  • What audit logs, records, reports, or monitoring data validate AU-6(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-6(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-6(1) compliance?

Ask AI

Configure your API key to use AI features.