home || catalog: SP800-53rev3 / class: Technical / family: (AU) Audit and Accountability ||
search controls:
search nistpubs:

AC
AT
AU

AU-01
AU-02
AU-03
AU-04
AU-05
AU-06
AU-07
AU-08
AU-09
AU-10
AU-11
AU-12 *
AU-13
AU-14

CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  AU-12: Audit Generation  

base control objective:
The information system:
a. Provides audit record generation capability for the list of auditable events defined in AU-2 at [Assignment: organization-defined information system components];
b. Allows designated organizational personnel to select which auditable events are to be audited by specific components of the system; and
c. Generates audit records for the list of audited events defined in AU-02.

supplemental objective information:
Audits records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events).

enhancements to the base objective:

(1) The information system compiles audit records from [Assignment: organization-defined information system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: Organization-defined level of tolerance for relationship between time stamps of individual records in the audit trail].

Enhancement Supplemental Guidance: The audit trail is time-correlated if the time stamp in the individual audit records can be reliably related to the time stamp in other audit records to achieve a time ordering of the records within the organization-defined tolerance.

(2) The information system produces a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
Enhancement Supplemental Guidance: Audit information normalized to a common standard promotes interoperability and exchange of such information between dissimilar devices and information systems. This facilitates an audit system that produces event information that can be more readily analyzed and correlated. System log records and audit records compliant with the Common Event Expression (CEE) are examples of standard formats for audit records. If individual logging mechanisms within the information system do not conform to a standardized format, the system may convert individual audit records into a standardized format when compiling the system-wide audit trail.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base (1)  

related (regimented) controls:

AU-02   Auditable Events
AU-03   Content of Audit Records

documents referenced in SP800-53rev3 for AU-12:

None.

Document Date Status Title

Search SP800-53rev3 catalog: