Under active development — Content is continuously updated and improved

Home / Frameworks / DoD SRG / AU — Audit and Accountability

AU — Audit and Accountability

37 controls in the Audit and Accountability family

AU-1Policy and Procedures

IL4 ModIL4 HighIL5IL6

AU-2Event Logging

IL4 ModIL4 HighIL5IL6

AU-3Content of Audit Records

IL4 ModIL4 HighIL5IL6

AU-3(1)Content of Audit Records | Additional Audit Information

IL4 ModIL4 HighIL5IL6

AU-4Audit Log Storage Capacity

IL4 ModIL4 HighIL5IL6

AU-5Response to Audit Logging Process Failures

IL4 ModIL4 HighIL5IL6

AU-5(1)Response to Audit Logging Process Failures | Storage Capacity Warning

IL4 ModIL4 HighIL5IL6

AU-5(2)Response to Audit Logging Process Failures | Real-time Alerts

AU-6Audit Record Review, Analysis, and Reporting

IL4 ModIL4 HighIL5IL6

AU-6(1)Audit Record Review, Analysis, and Reporting | Automated Process Integration

IL4 ModIL4 HighIL5IL6

AU-6(3)Audit Record Review, Analysis, and Reporting | Correlate Audit Record Repositories

IL4 ModIL4 HighIL5IL6

AU-6(4)Audit Record Review, Analysis, and Reporting | Central Review and Analysis

AU-6(5)Audit Record Review, Analysis, and Reporting | Integrated Analysis of Audit Records

AU-6(6)Audit Record Review, Analysis, and Reporting | Correlation with Physical Monitoring

AU-6(7)Audit Record Review, Analysis, and Reporting | Permitted Actions

AU-6(8)Audit Record Review, Analysis, and Reporting | Full Text Analysis of Privileged Commands

AU-6(9)Audit Record Review, Analysis, and Reporting | Correlation with Information from Nontechnical Sources

AU-7Audit Record Reduction and Report Generation

IL4 ModIL4 HighIL5IL6

AU-7(1)Audit Record Reduction and Report Generation | Automatic Processing

IL4 ModIL4 HighIL5IL6

AU-8Time Stamps

IL4 ModIL4 HighIL5IL6

AU-9Protection of Audit Information

IL4 ModIL4 HighIL5IL6

AU-9(2)Protection of Audit Information | Store on Separate Physical Systems or Components

AU-9(3)Protection of Audit Information | Cryptographic Protection

AU-9(4)Protection of Audit Information | Access by Subset of Privileged Users

IL4 ModIL4 HighIL5IL6

AU-9(5)Protection of Audit Information | Dual Authorization

AU-9(6)Protection of Audit Information | Read-only Access

AU-10Non-repudiation

AU-11Audit Record Retention

IL4 ModIL4 HighIL5IL6

AU-12Audit Record Generation

IL4 ModIL4 HighIL5IL6

AU-12(1)Audit Record Generation | System-wide and Time-correlated Audit Trail

AU-12(3)Audit Record Generation | Changes by Authorized Individuals

AU-14Session Audit

AU-14(1)Session Audit | System Start-up

AU-14(3)Session Audit | Remote Viewing and Listening

AU-16Cross-organizational Audit Logging

AU-16(1)Cross-organizational Audit Logging | Identity Preservation

AU-16(2)Cross-organizational Audit Logging | Sharing of Audit Information

← Back to all controls