Under active development — Content is continuously updated and improved

Home / Frameworks / NIST SP 800-53 / AU — Audit and Accountability

AU — Audit and Accountability

69 controls in the Audit and Accountability family

AU-1Policy And Procedures

AU-2Event Logging

AU-2(1)Compilation Of Audit Records From Multiple Sources

AU-2(2)Selection Of Audit Events By Component

AU-2(3)Reviews And Updates

AU-2(4)Privileged Functions

AU-3Content Of Audit Records

AU-3(1)Additional Audit Information

AU-3(2)Centralized Management Of Planned Audit Record Content

AU-3(3)Limit Personally Identifiable Information Elements

AU-4Audit Log Storage Capacity

AU-4(1)Transfer To Alternate Storage

AU-5Response To Audit Logging Process Failures

AU-5(1)Storage Capacity Warning

AU-5(2)Real-Time Alerts

AU-5(3)Configurable Traffic Volume Thresholds

AU-5(4)Shutdown On Failure

AU-5(5)Alternate Audit Logging Capability

AU-6Audit Record Review, Analysis, And Reporting

AU-6(1)Automated Process Integration

AU-6(2)Automated Security Alerts

AU-6(3)Correlate Audit Record Repositories

AU-6(4)Central Review And Analysis

AU-6(5)Integrated Analysis Of Audit Records

AU-6(6)Correlation With Physical Monitoring

AU-6(7)Permitted Actions

AU-6(8)Full Text Analysis Of Privileged Commands

AU-6(9)Correlation With Information From Nontechnical Sources

AU-6(10)Audit Level Adjustment

AU-7Audit Record Reduction And Report Generation

AU-7(1)Automatic Processing

AU-7(2)Automatic Sort And Search

AU-8Time Stamps

AU-8(1)Synchronization With Authoritative Time Source

AU-8(2)Secondary Authoritative Time Source

AU-9Protection Of Audit Information

AU-9(1)Hardware Write-Once Media

AU-9(2)Store On Separate Physical Systems Or Components

AU-9(3)Cryptographic Protection

AU-9(4)Access By Subset Of Privileged Users

AU-9(5)Dual Authorization

AU-9(6)Read-Only Access

AU-9(7)Store On Component With Different Operating System

AU-10Non-Repudiation

AU-10(1)Association Of Identities

AU-10(2)Validate Binding Of Information Producer Identity

AU-10(3)Chain Of Custody

AU-10(4)Validate Binding Of Information Reviewer Identity

AU-10(5)Digital Signatures

AU-11Audit Record Retention

AU-11(1)Long-Term Retrieval Capability

AU-12Audit Record Generation

AU-12(1)System-Wide And Time-Correlated Audit Trail

AU-12(2)Standardized Formats

AU-12(3)Changes By Authorized Individuals

AU-12(4)Query Parameter Audits Of Personally Identifiable Information

AU-13Monitoring For Information Disclosure

AU-13(1)Use Of Automated Tools

AU-13(2)Review Of Monitored Sites

AU-13(3)Unauthorized Replication Of Information

AU-14Session Audit

AU-14(1)System Start-Up

AU-14(2)Capture And Record Content

AU-14(3)Remote Viewing And Listening

AU-15Alternate Audit Logging Capability

AU-16Cross-Organizational Audit Logging

AU-16(1)Identity Preservation

AU-16(2)Sharing Of Audit Information

AU-16(3)Disassociability

← Back to all controls