Basic Security Requirements:
3.1 Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.
3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
Derived Security Requirements:
3.3 Review and update audited events.
3.4 Alert in the event of an audit process failure.
3.5 Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
3.6 Provide audit reduction and report generation to support on-demand analysis and reporting.
3.7 Provide an information system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
3.8 Protect audit information and audit tools from unauthorized access, modification, and deletion.
3.9 Limit management of audit functionality to a subset of privileged users.