Compiling audit records from multiple components into a systemwide, time-correlated audit trail


The organization will ensure that the information system provides the capability to compile audit records from multiple components throughout the system into a systemwide (logical or physical), time-correlated audit trail. [UCF ID 01424]

Supporting and supported controls

This control directly supports:

Collection and interpretation of logs [UCF Common Control ID 00643]

This control has the following supporting controls:

There are no supporting controls.

Authority documents complied with:

Australian Government ICT Security Manual (ACSI 33) § 3.7.10; FFIEC IT Examination Handbook – Information Security Exam Tier II Obj M.5; Recommended Security Controls for Federal Information Systems, NIST SP 800-53 AU-2(1), AU-3(2); Guide for Assessing the Security Controls in Federal Information Systems, NIST 800-53A § AU-2(1), AU-2.8, AU-3(2), AU-3.9

US Federal Security Guidance

FIPS Publication 200, § 3 Specifications for Minimum Security Requirements calls for Audit and Accountability (AU): Organizations must: (i) create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; and (ii) ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.

NIST Guidance

NIST 800-53, AU-2(1) states that the information system must provide the capability to compile audit records from multiple components throughout the system into a systemwide (logical or physical), time-correlated audit trail.

AU-3(2) states that for high impact systems, the information system should provide the capability to centrally manage the content of audit records generated by individual components throughout the system.

Asia and Pacific Rim Guidance

The Australian Government ICT Security Manual (ACSI 33) § 3.7.10 states that all events occurring on the organization's networks should be logged and correlated into one event log. .


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2008 Network Frontiers, LLC. All rights reserved.