| 3.3.1.a |
P |
Audit Logs for Monitoring Unauthorized System Activity |
| 3.3.1.a |
T |
Audit Logs for Monitoring Unauthorized System Activity Training Material and Comprehension Quiz |
| 3.3.1.b |
P |
Defined Audit Record Content for Monitoring Unauthorized System Activity |
| 3.3.1.b |
T |
Audit Record Content for Monitoring Unauthorized System Activity Training Material and Comprehension Quiz |
| 3.3.1.c |
P |
Audit Records |
| 3.3.1.c |
T |
Audit Records Creation Training Material and Comprehension Quiz |
| 3.3.1.d |
P |
Ensuring Audit Records Contain the Required Content |
| 3.3.1.d |
T |
Ensuring Required Content in Audit Records Training Material and Comprehension Quiz |
| 3.3.1.e |
P |
Retention Requirements for Audit Records |
| 3.3.1.e |
T |
Retention Requirements for Audit Records Training Material and Comprehension Quiz |
| 3.3.1.f |
P |
Audit Records Retention |
| 3.3.1.f |
T |
Audit Records Retention Training Material and Comprehension Quiz |
| 3.3.2 |
P |
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. |
| 3.3.2 |
T |
Training Materials: User Accountability (AU.L2-3.3.2) |
| 3.3.2.a |
P |
Defining the Content of Audit Records to Uniquely Trace Users to Their Actions |
| 3.3.2.b |
P |
Ensuring Audit Records Contain the Defined Content |
| 3.3.3 |
P |
Event Review Policy |
| 3.3.3 |
T |
Training Materials: Event Review (AU.L2-3.3.3) |
| 3.3.3.a |
P |
Defining a Process for Determining When to Review Logged Events |
| 3.3.3.a |
T |
Defining a Process for Determining When to Review Logged Events Policy Training Material and Comprehension Quiz |
| 3.3.3.b |
P |
Reviewing Logged Event Types in Accordance with the Defined Review Process |
| 3.3.3.b |
T |
Reviewing Logged Event Types in Accordance with the Defined Review Process Policy Training Material and Comprehension Quiz |
| 3.3.3.c |
P |
Updating Logged Event Types Based on Review |
| 3.3.3.c |
T |
Updating Logged Event Types Based on Review Policy Training Material and Comprehension Quiz |
| 3.3.4 |
P |
Alert in the event of an audit logging process failure. |
| 3.3.4 |
T |
Training Materials: Audit Failure Alerting (AU.L2-3.3.4) |
| 3.3.4.b |
P |
Audit Logging Process Failures That Trigger Alerts |
| 3.3.4.b |
T |
Audit Logging Process Failures That Trigger Alerts Training Material and Comprehension Quiz |
| 3.3.4.c |
P |
Alerting Identified Personnel During Audit Logging Failures |
| 3.3.4.c |
T |
Alerting Identified Personnel During Audit Logging Failures Training Material and Comprehension Quiz |
| 3.3.5 |
P |
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. |
| 3.3.5 |
T |
Training Materials: Audit Correlation (AU.L2-3.3.5) |
| 3.3.5.a |
P |
Audit Record Review, Analysis, and Reporting Processes for Investigation and Response to Unlawful, Unauthorized, Suspicious, or Unusual Activity |
| 3.3.5.a |
T |
Audit Record Review, Analysis, and Reporting Processes for Investigation and Response to Unlawful, Unauthorized, Suspicious, or Unusual Activity Policy Training Material and Comprehension Quiz |
| 3.3.5.b |
P |
Correlating Audit Record Review, Analysis, and Reporting Processes |
| 3.3.5.b |
T |
Correlating Audit Record Review, Analysis, and Reporting Processes Policy Training Material and Comprehension Quiz |
| 3.3.6 |
P |
Provide audit record reduction and report generation to support on-demand analysis and reporting. |
| 3.3.6 |
T |
Training Materials: Reduction & Reporting (AU.L2-3.3.6) |
| 3.3.6.a |
P |
Audit Record Reduction Capability for On-Demand Analysis |
| 3.3.6.a |
T |
Audit Record Reduction Capability for On-Demand Analysis Training Material and Comprehension Quiz |
| 3.3.6.b |
P |
Report Generation Capability for On-Demand Reporting |
| 3.3.6.b |
T |
Report Generation Capability for On-Demand Reporting Training Material and Comprehension Quiz |
| 3.3.7 |
P |
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. |
| 3.3.7 |
T |
Training Materials: Authoritative Time Source (AU.L2-3.3.7) |
| 3.3.7.a |
P |
Internal System Clocks to Generate Audit Record Timestamps |
| 3.3.7.a |
T |
Internal System Clocks to Generate Audit Record Timestamps Policy Training Material and Comprehension Quiz |
| 3.3.7.b |
P |
Specifying and Synchronizing Internal System Clocks |
| 3.3.7.b |
T |
Specifying and Synchronizing Internal System Clocks Policy Training Material and Comprehension Quiz |
| 3.3.7.c |
P |
Comparing and Synchronizing Internal System Clocks |
| 3.3.7.c |
T |
Comparing and Synchronizing Internal System Clocks Policy Training Material and Comprehension Quiz |
| 3.3.8 |
P |
Protect audit information and audit logging tools from unauthorized access, modification, and deletion. |
| 3.3.8 |
T |
Training Materials: Audit Protection (AU.L2-3.3.8) |
| 3.3.8.a |
P |
Protection of Audit Information from Unauthorized Access |
| 3.3.8.a |
T |
Protection of Audit Information from Unauthorized Access Training Material and Comprehension Quiz |
| 3.3.8.b |
P |
Protection of Audit Information from Unauthorized Modification |
| 3.3.8.b |
T |
Protection of Audit Information from Unauthorized Modification Training Material and Comprehension Quiz |
| 3.3.8.c |
P |
Protection of Audit Information from Unauthorized Deletion |
| 3.3.8.c |
T |
Protection of Audit Information from Unauthorized Deletion Training Material and Comprehension Quiz |
| 3.3.8.d |
P |
Protection of Audit Logging Tools from Unauthorized Access |
| 3.3.8.d |
T |
Protection of Audit Logging Tools from Unauthorized Access Training Material and Comprehension Quiz |
| 3.3.8.e |
P |
Protection of Audit Logging Tools from Unauthorized Modification |
| 3.3.8.e |
T |
Protection of Audit Logging Tools from Unauthorized Modification Training Material and Comprehension Quiz |
| 3.3.9 |
P |
Limit management of audit logging functionality to a subset of privileged users. |
| 3.3.9 |
T |
Training Materials: Audit Management (AU.L2-3.3.9) |
| 3.3.9.a |
P |
Audit Logging Privileged Users |
| 3.3.9.a |
T |
Audit Logging Privileged Users Policy Training Material and Comprehension Quiz |
| 3.3.9.b |
P |
Limiting Audit Logging Management to Authorized Privileged Users |
| 3.3.9.b |
T |
Limiting Audit Logging Management to Authorized Privileged Users Policy Training Material and Comprehension Quiz |
