myctrl.tools
Compare

SI-7(8)Auditing Capability For Significant Events

>Control Description

Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: generate an audit record; alert current user; alert [Assignment: organization-defined personnel or roles; organization-defined other actions].

>Supplemental Guidance

Organizations select response actions based on types of software, specific software, or information for which there are potential integrity violations.

>Related Controls

AU-2
AU-6
AU-12

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern auditing capability for significant events?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to auditing capability for significant events issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-7(8) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.