
ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Assessment worksheet columns: Applicable (Y)es / (N)o; (C)onfidentiality, (I)ntegrity and (A)vailability each rated L1 / M2 / H3; RPN (C+I+A); (S)atisfactory or (O)ther than satisfactory +##


AU-2 Audit Events

assessment objective:

Determine if the organization:

au-2(a)

au-2(a)[1]: defines the auditable events that the information system must be capable of auditing;

au-2(a)[2]: determines that the information system is capable of auditing organization-defined auditable events;

au-2(b): coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

au-2(c): provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents;

au-2(d)

au-2(d)[1]: defines the subset of auditable events defined in AU-2a that are to be audited within the information system;

au-2(d)[2]: determines that the subset of auditable events defined in AU-2a are to be audited within the information system; and

au-2(d)[3]: determines the frequency of (or situation requiring) auditing for each identified event.
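One way an assessor can evidence au-2(a)[2] and au-2(d) with an automated check, as an added example that is not part of the original page or of NIST's assessment procedures: the organization-defined event list, the audited subset with its frequency, and the auditd-style rule lines below are all constructed sample values, and the mapping from each event to a rule key is a hypothetical convention.

```python
"""Compare AU-2(a) defined auditable events and the AU-2(d) audited subset against audit rules."""
import re

# Constructed AU-2a list: auditable events the system must be capable of auditing,
# each mapped to the audit-rule key expected to capture it (hypothetical convention).
AU2A_AUDITABLE_EVENTS = {
    "privileged_command_use": "privileged",
    "account_changes": "identity",
    "audit_config_changes": "auditconfig",
    "failed_file_access": "access",
    "login_logout": "logins",
}

# Constructed AU-2d subset: the events actually selected for auditing and their frequency.
AU2D_AUDITED_SUBSET = {
    "privileged_command_use": "continuously",
    "account_changes": "continuously",
    "audit_config_changes": "continuously",
    "failed_file_access": "on incident investigation",
    "login_logout": "continuously",
}

# Constructed auditd-style rules (sample data, not from the page); the 'logins' key is absent.
SAMPLE_RULES = """
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/audit/ -p wa -k auditconfig
-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k privileged
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -k access
"""

def rule_keys(rules_text: str) -> set:
    """Return the set of '-k <key>' values present in the audit rule lines."""
    return set(re.findall(r"(?:^|\s)-k\s+(\S+)", rules_text))

def au2_coverage(rules_text: str) -> dict:
    """Report which defined events the rules can capture (AU-2a[2]) and which
    events in the audited subset (AU-2d) have no rule at all: an assessment finding."""
    keys = rule_keys(rules_text)
    capable = {ev for ev, key in AU2A_AUDITABLE_EVENTS.items() if key in keys}
    not_capable = set(AU2A_AUDITABLE_EVENTS) - capable
    subset_gaps = {ev for ev in AU2D_AUDITED_SUBSET if ev not in capable}
    return {"capable": capable, "not_capable": not_capable, "subset_gaps": subset_gaps}

if __name__ == "__main__":
    print(au2_coverage(SAMPLE_RULES))
```

A non-empty `subset_gaps` means an event the organization committed to auditing under AU-2d has no mechanism behind it, which is the kind of evidence that turns the (S)atisfactory column into (O)ther than satisfactory.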

potential assessment methods and objects:

Examine: [select from: Audit and accountability policy; procedures addressing auditable events; security plan; information system design documentation; information system configuration settings and associated documentation; information system audit records; information system auditable events; other relevant documents or records].

Interview: [select from: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Automated mechanisms implementing information system auditing].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056