AU-12

Audit and AccountabilityRev 5system

Audit Record Generation

Baselines:LowModerateHigh

Control Statement

a. Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on [Assignment: system components]; b. Allow [Assignment: personnel or roles] to select the event types that are to be logged by specific components of the system; and c. Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).

Supplemental Guidance

Audit records can be generated from many different system components. The event types specified in [AU-2d](#au-2_smt.d) are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.

Related Controls (19)

AC-6 AC-17 AU-2 AU-3 AU-4 AU-5 AU-6 AU-7 AU-14 CM-5 MA-4 MP-4 PM-12 SA-8 SC-18 SI-3 SI-4 SI-7 SI-10

CCI Identifiers (5)

CCI-001910Defines the personnel or roles allowed to select which event types are to be logged by specific components of the system.CCI-000169Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.CCI-000171Allow organization-defined personnel or roles to select the event types that are to be logged by specific components of the system.CCI-000172Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3.CCI-001459Defines system components that provide audit record generation capability.

Linked STIG Checks (200)

Across 28 STIGs. Click to expand.