With 205 Controls, 423 enhancements and 1,394 definitions, it's overwhelming! Lucky for you, ISL's Cyber Security Professionals are here to help.

Contact us so we can discuss what Cyber Security controls mean to your organization.

AU-12 : AUDIT GENERATION

FAMILY: Audit and AccountabilityCLASS: Technical

AU-12 : AUDIT GENERATION

The information system:

a. Provides audit record generation capability for the list of auditable events defined in AU-2 at [Assignment: organization-defined information system components];

b. Allows designated organizational personnel to select which auditable events are to be audited by specific components of the system; and

c. Generates audit records for the list of audited events defined in AU-2 with the content as defined in AU-3. Audits records can be generated from various components within the information system. The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subset of the list of all events for which the system is capable of generating audit records (i.e., auditable events). Related controls: AU-2, AU-3.
Control Enhancements:
(1) The information system compiles audit records from [Assignment: organization-defined information system components] into a system-wide (logical or physical) audit trail that is time-correlated to within [Assignment: organization-defined level of tolerance for relationship between time stamps of individual records in the audit trail].
Enhancement Supplemental Guidance: The audit trail is time-correlated if the time stamp in the individual audit records can be reliably related to the time stamp in other audit records to achieve a time ordering of the records within the organization-defined tolerance.
(2) The information system produces a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
Enhancement Supplemental Guidance: Audit information normalized to a common standard promotes interoperability and exchange of such information between dissimilar devices and information systems. This facilitates an audit system that produces event information that can be more readily analyzed and correlated. System log records and audit records compliant with the Common Event Expression (CEE) are examples of standard formats for audit records. If individual logging mechanisms within the information system do not conform to a standardized format, the system may convert individual audit records into a standardized format when compiling the system-wide audit trail.
References: None.
Priority and Baseline Allocation:
P1 LOW AU-12 MOD AU-12 HIGH AU-12 (1)