home || catalog: SP800-53rev3 / class: Technical / family: (AU) Audit and Accountability ||
search controls:
search nistpubs:

AC
AT
AU

AU-01
AU-02
AU-03 *
AU-04
AU-05
AU-06
AU-07
AU-08
AU-09
AU-10
AU-11
AU-12
AU-13
AU-14
AU-3, AC-22

CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  AU-03: Content of Audit Records  

base control objective:
The information system produces audit records that contain sufficient information to, at a minimum, establish what type of event occurred, when (date and time) the event occurred, where the event occurred, the source of the event, the outcome (success or failure) of the event, and the identity of any user/subject associated with the event.

supplemental objective information:
Audit record content that may be necessary to satisfy the requirement of this control, includes, for example, timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.

enhancements to the base objective:

(1) The information system includes [Assignment: organization-defined additional, more detailed information] in the audit records for audit events identified by type, location, or subject.

Enhancement Supplemental Guidance: An example of detailed information that the organization may require in audit records is full-text recording of privileged commands.

(2) The organization centrally manages the content of audit records generated by [Assignment: organization-defined information system components].

mapping to FIPS199 baseline:

  LOW: base     MOD: base (1)     HIGH: base (1) (2)  

related (regimented) controls:

AU-02   Auditable Events
AU-08   Time Stamps

documents referenced in SP800-53rev3 for AU-03:

Document Date Status Title
NIST SP800-12 October, 1995 current   An Introduction to Computer Security: The NIST Handbook
NIST SP800-19 October, 1999 current   Mobile Agent Security
NIST SP800-92 September, 2006 current   Guide to Computer Security Log Management
NIST SP800-94 August, 2006 DRAFT   Guide to Intrusion Detection and Prevention Systems (IDPS)

Search SP800-53rev3 catalog: