AU-06 Audit Monitoring, Analysis, And Reporting

Control: The organization regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate officials, and takes necessary actions.

Supplemental Guidance: Organizations increase the level of audit monitoring and analysis activity within the information system whenever there is an indication of increased risk to organizational operations, organizational assets, or individuals based on law enforcement information, intelligence information, or other credible sources of information.

Control Enhancements:

(1) The organization employs automated mechanisms to integrate audit monitoring, analysis, and reporting into an overall process for investigation and response to suspicious activities.

(2) The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications: [Assignment: organization-defined list of inappropriate or unusual activities that are to result in alerts].

Baseline: LOW: Not Selected; MOD: AU-6 (2); HIGH: AU-6 (1) (2)

Family: Audit And Accountability

Class: Technical

ISO 17799 mapping: 10.10.2, 10.10.4, 13.2.1

COBIT 4.1 mapping: DS5.5

PCI-DSS v2 mapping: 10.6, 12.5.2, 12.9.5