
AU-12 Audit Record Generation

LI-SaaS
Low
Moderate
High

>Control Description

a. Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on organization-defined system components;

b. Allow organization-defined personnel or roles to select the event types that are to be logged by specific components of the system; and

c. Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

>FedRAMP Baseline Requirements

Parameter Values

a. all information system and network components where audit capability is deployed/available

>Discussion

Audit records can be generated from many different system components. The event types specified in AU-2d are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.

>Cross-Framework Mappings

>Programmatic Queries

Related Services

CloudTrail
Config
VPC Flow Logs
S3 Access Logging

CLI Commands

Check CloudTrail is enabled:
    aws cloudtrail describe-trails --query 'trailList[*].{Name:Name,IsMultiRegion:IsMultiRegionTrail,IsOrg:IsOrganizationTrail}'

Verify Config is recording:
    aws configservice describe-configuration-recorder-status

List VPC Flow Logs:
    aws ec2 describe-flow-logs --query 'FlowLogs[*].{Id:FlowLogId,Status:FlowLogStatus,ResourceId:ResourceId}'

Check S3 access logging:
    aws s3api get-bucket-logging --bucket BUCKET_NAME
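
The four commands above only print JSON; the following added example (not part of the original page) turns their raw output into a list of AU-12 coverage gaps. The function name, the finding strings, the sample values, and the `vpc_ids` inventory argument are assumptions made for illustration.

```python
import json

def _load(text, default):
    """Parse CLI stdout; the AWS CLI prints nothing when a result is empty."""
    return json.loads(text) if text.strip() else default

def au12_gaps(trails, recorder, flow_logs, bucket_logging, vpc_ids):
    """Return findings from the raw stdout of the four commands above.

    vpc_ids is the list of in-scope VPCs taken from the system inventory
    (an assumption: the page's commands do not enumerate VPCs).
    """
    gaps = []
    # describe-trails, shaped by the page's --query expression
    if not any(t.get("IsMultiRegion") for t in _load(trails, [])):
        gaps.append("cloudtrail: no multi-region trail")
    # describe-configuration-recorder-status
    recorders = _load(recorder, {}).get("ConfigurationRecordersStatus", [])
    if not any(r.get("recording") for r in recorders):
        gaps.append("config: no recorder is recording")
    # describe-flow-logs, shaped by the page's --query expression
    covered = {f["ResourceId"] for f in _load(flow_logs, [])
               if f.get("Status") == "ACTIVE"}
    for vpc in sorted(set(vpc_ids) - covered):
        gaps.append(f"flow-logs: {vpc} has no ACTIVE flow log")
    # get-bucket-logging returns no LoggingEnabled key when logging is off
    if "LoggingEnabled" not in _load(bucket_logging, {}):
        gaps.append("s3: server access logging not enabled")
    return gaps

# Constructed sample outputs (not from a real account).
SAMPLE_TRAILS = '[{"Name": "example-trail", "IsMultiRegion": false, "IsOrg": false}]'
SAMPLE_RECORDER = ('{"ConfigurationRecordersStatus": '
                   '[{"name": "default", "recording": true, "lastStatus": "SUCCESS"}]}')
SAMPLE_FLOW_LOGS = '[{"Id": "fl-0example1", "Status": "ACTIVE", "ResourceId": "vpc-0aaa"}]'
SAMPLE_BUCKET_LOGGING = ""  # empty stdout: access logging is disabled
SAMPLE_VPCS = ["vpc-0aaa", "vpc-0bbb"]

if __name__ == "__main__":
    for gap in au12_gaps(SAMPLE_TRAILS, SAMPLE_RECORDER, SAMPLE_FLOW_LOGS,
                         SAMPLE_BUCKET_LOGGING, SAMPLE_VPCS):
        print(gap)
```

A trail listed by `describe-trails` is not necessarily delivering events; `aws cloudtrail get-trail-status --name TRAIL_NAME` reports `IsLogging` for that check.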

>Relevant Technologies

Technology-specific guidance with authoritative sources and verification commands.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-12 (Audit Record Generation)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-12?
  • How frequently is the AU-12 policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-12?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-12 requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-12?
  • How is AU-12 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-12 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-12?
  • What audit logs, records, reports, or monitoring data validate AU-12 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-12 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-12 compliance?
