Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

au-3

content of audit records

assessment objective:

Determine if the information system generates audit records containing information that establishes:  

au-3[1]

what type of event occurred;

au-3[2]

when the event occurred;

au-3[3]

where the event occurred;

au-3[4]

the source of the event;

au-3[5]

the outcome of the event; and

au-3[6]

the identity of any individuals or subjects associated with the event.

potential assessment methods and objects:

Examine: [select from: Audit and accountability policy; procedures addressing content of audit records; information system design documentation; information system configuration settings and associated documentation; list of organization-defined auditable events; information system audit records; information system incident reports; other relevant documents or records].

Interview: [select from: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Automated mechanisms implementing information system auditing of auditable events].