ARTIFACTS
AU: AUDIT & ACCOUNTABILITY
What's On This Page
Each control family has a page dedicated to presenting all of the artifacts associated with the controls and control enhancements in that family. This is a consolidated view of the artifacts organized in a way to make the information usable. From here you can navigate to the individual control pages where the artifacts associated with each control or control enhancement are displayed with the control. You can use the Links Panels to select the individual controls or control enhancements you want to work with.
Supplement the artifacts here with other relevant documents and records dictated by your risk-based cybersecurity program and your information supply chain requirements.
The Source of the Artifacts
The control information comes from NIST Special Publication 800-53R4, Security and Privacy Controls for Information Systems and Organizations, and NIST Special Publication 800-53AR4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans. We've normalized the artifact names and annotated them with information useful in understanding these artifacts in the context of your digital enterprise, information supply chain, and security architecture.
Essential Artifacts for Risk-Based Cybersecurity Programs
This section includes core documents for risk-based cybersecurity; the POLICY & PROCEDURES document for AUDIT & ACCOUNTABILITY; and documents that are widely used in the assessment of controls and control enhancements in the AUDIT & ACCOUNTABILITY family. Policy and Procedure documents from control families are in CAPS and identified with their two-letter code.
WIDELY USED ARTIFACTS FOR AUDIT & ACCOUNTABILITY
AUDIT & ACCOUNTABILITY POLICY & PROCEDURES (AU)
AUDIT & ACCOUNTABILITY policy
Information system design documentation
Information system configuration settings and associated documentation
Information system audit records
Security Authorization Package Documents
ESSENTIALS
ACCESS CONTROL POLICY & PROCEDURES (AC)
Asset Inventory
AUDIT & ACCOUNTABILITY POLICY & PROCEDURES (AU)
Configuration Management Plan
CONFIGURATION MANAGEMENT POLICY & PROCEDURES (CM)
Contingency Plan
CONTINGENCY PLANNING POLICY & PROCEDURES (CP)
Continuous Monitoring Strategy
Continuous Monitoring Plan
Enterprise Architecture (EA)
IDENTIFICATION & AUTHENTICATION POLICY & PROCEDURES (IA)
INCIDENT RESPONSE POLICY & PROCEDURES (IR)
INFORMATION SECURITY PROGRAM PLAN (PM)
MEDIA PROTECTION POLICY & PROCEDURES (MP)
PERSONNEL SECURITY POLICY & PROCEDURES (PS)
PHYSICAL AND ENVIRONMENTAL PROTECTION POLICY & PROCEDURES (PE)
Privacy Impact Assessment
Privacy Program Plan
Risk Assessment
RISK ASSESSMENT POLICY & PROCEDURES (RA)
SECURITY ASSESSMENT & AUTHORIZATION POLICY & PROCEDURES (CA)
SECURITY AWARENESS AND TRAINING POLICY & PROCEDURES (AT)
Security Configurations
SECURITY PLANNING POLICY & PROCEDURES (PL)
SYSTEM AND COMMUNICATIONS PROTECTION POLICY & PROCEDURES (SC)
SYSTEM AND INFORMATION INTEGRITY POLICY & PROCEDURES (SI)
SYSTEM AND SERVICES ACQUISITION POLICY & PROCEDURES (SA)
System Interconnection Agreements
SYSTEM MAINTENANCE POLICY & PROCEDURES (MA)
Policy & Procedures
Here you'll find a catalog of AUDIT & ACCOUNTABILITY (AU) related policies and procedures for managing access to your digital enterprise and information supply chain. Select those that enable your risk-based cybersecurity program.
POLICIES & PROCEDURES | APPLICABLE CONTROL(S) |
Access control POLICY & PROCEDURES | AU-9 AU-9 (1) AU-9 (3) AU-9 (4) AU-9 (5) AU-9 (6) |
AUDIT & ACCOUNTABILITY POLICY & PROCEDURES | AU-1 |
Audit record retention POLICY & PROCEDURES | AU-11 AU-11 (1) |
Procedures addressing alternate audit capability | AU-15 |
Procedures addressing audit record generation | AU-12 AU-12 (1) AU-12 (2) AU-12 (3) |
Procedures addressing audit reduction and report generation | AU-7 AU-7 (1) AU-7 (2) |
Procedures addressing audit review, analysis, and reporting | AU-6 AU-6 (1) AU-6 (3) AU-6 (4) AU-6 (5) AU-6 (6) AU-6 (8) AU-6 (9) AU-6 (10) |
Procedures addressing audit storage capacity | AU-4 AU-4 (1) |
Procedures addressing auditable events | AU-2 AU-2 (3) |
Procedures addressing content of audit records | AU-3 AU-3 (1) AU-3 (2) |
Procedures addressing cross-organizational audit trails | AU-16 (1) |
Procedures addressing cross-organizational sharing of audit information | AU-16 (2) |
Procedures addressing information disclosure monitoring | AU-13 AU-13 (1) AU-13 (2) |
Procedures addressing investigation and response to suspicious activities | AU-6 (1) |
Procedures addressing methods for coordinating audit information among external organizations | AU-16 |
Procedures addressing non-repudiation | AU-10 AU-10 (1) AU-10 (2) AU-10 (3) AU-10 (4) |
Procedures addressing physical access monitoring | AU-6 (6) |
Procedures addressing process, role and/or user permitted actions from audit review, analysis, and reporting | AU-6 (7) |
Procedures addressing protection of audit information | AU-9 AU-9 (1) AU-9 (2) AU-9 (3) AU-9 (4) AU-9 (5) AU-9 (6) |
Procedures addressing response to audit processing failures | AU-5 AU-5 (1) AU-5 (2) AU-5 (3) AU-5 (4) |
Procedures addressing time stamp generation | AU-8 AU-8 (1) AU-8 (2) |
Procedures addressing transfer of information system audit records to secondary or alternate systems | AU-4 (1) |
Procedures addressing user session auditing | AU-14 AU-14 (1) AU-14 (2) AU-14 (3) |
Evidence, Records & Artifacts
Here you'll find a catalog of Audit & Accountability (AU) related evidence, records, and artifacts for managing access to your digital enterprise and information supply chain. Select those that enable your risk-based cybersecurity program.
ARTIFACT | APPLICABLE CONTROL(S) |
Audit record storage requirements | AU-4 |
Audit records | AU-11 AU-11 (1) |
Audit reduction, review, analysis, and reporting tools | AU-7 AU-7 (1) AU-7 (2) |
Audit tools | AU-9 |
Auditable events review and update records | AU-2 (3) |
Automated monitoring tools | AU-13 (1) |
Configuration of network communications traffic volume thresholds | AU-5 (3) |
Cross-organizational sharing agreements | AU-16 (2) |
Data sharing agreements | AU-16 (2) |
Documentation providing evidence of correlated information obtained from audit records and organization-defined nontechnical sources | AU-6 (6) AU-6 (9) |
Information system audit records across different repositories | AU-6 (3) |
Information system audit records transferred to secondary or alternate systems | AU-4 (1) |
Information system auditable events | AU-2 |
Information system hardware settings | AU-9 (1) AU-9 (3) |
Information system incident reports | AU-2 (3) AU-3 |
Information system storage media | AU-9 (1) |
Integrated analysis of audit records, vulnerability scanning information, performance data, network monitoring information and associated documentation | AU-6 (5) |
Logs of audit record transfers to secondary or alternate systems | AU-4 (1) |
Methods for coordinating audit information among external organizations | AU-16 |
Monitoring records | AU-13 |
Organization-defined retention period for audit records | AU-11 |
Organizational risk assessment | AU-6 (10) |
Records of actions taken in response to reviews/analyses of audit records | AU-6 |
Records of information reviews and releases | AU-10 (3) |
Records of notifications or real-time alerts when audit processing failures occur | AU-5 (2) |
Reports of audit findings | AU-6 |
Reviews for open source information sites being monitored | AU-13 (2) |
Security control assessment | AU-6 (10) |
System audit records | AU-9 (2) |
System or media storing backups of information | AU-9 (2) |
System-wide audit trail (logical or physical) | AU-12 (1) AU-12 (2) |
Test records for alternative audit capability | AU-15 |
Text analysis documentation of audited privileged commands | AU-6 (8) |
Text analysis tools and techniques | AU-6 (8) |
Validation records | AU-10 (2) AU-10 (4) |
Vulnerability assessment | AU-6 (10) |
Audit & Accountability (AU) Related Lists
These are the Audit & Accountability (AU) related lists you may need to support your security program. For the lists applicable to your systems and information supply chain, you should know the source of each list and the data it contains; how the lists are generated, where they are stored, and how they are maintained; and how to get them when you have an incident, an incident investigation, or an audit.
LIST | APPLICABLE CONTROL(S) |
Access control list | AU-9 (4) AU-9 (6) |
List of auditable events | AU-12 |
List of information types from nontechnical sources for correlation with audit information | AU-6 (9) |
List of organization-defined auditable events | AU-2 (3) AU-3 AU-3 (1) AU-3 (2) |
List of personnel to be notified in case of an audit processing failure | AU-5 |
System-generated list of individuals or roles authorized to change auditing to be performed | AU-12 (3) |
System-generated list of privileged users with access to management of audit functionality | AU-9 (4) |
System-generated list of privileged users with read-only access to audit information | AU-9 (6) |