myctrl.tools
Compare

AC-4(26)Audit Filtering Actions

>Control Description

When transferring information between different security domains, record and audit content filtering actions and results for the information being filtered.

>Supplemental Guidance

Content filtering is the process of inspecting information as it traverses a cross-domain solution and determines if the information meets a predefined policy. Content filtering actions and the results of filtering actions are recorded for individual messages to ensure that the correct filter actions were applied. Content filter reports are used to assist in troubleshooting actions by, for example, determining why message content was modified and/or why it failed the filtering process.

Audit events are defined in AU-2. Audit records are generated in AU-12.

>Related Controls

AU-2
AU-3
AU-12

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AC-4(26) (Audit Filtering Actions)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AC-4(26)?
  • How frequently is the AC-4(26) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AC-4(26)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AC-4(26) requirements.
  • What automated tools, systems, or technologies are deployed to implement AC-4(26)?
  • How is AC-4(26) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AC-4(26) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AC-4(26)?
  • What audit logs, records, reports, or monitoring data validate AC-4(26) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AC-4(26) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AC-4(26) compliance?

Ask AI

Configure your API key to use AI features.