AU-03 Content Of Audit Records

Control: The information system produces audit records that contain sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events.

Supplemental Guidance: Audit record content includes, for most audit records: (i) date and time of the event; (ii) the component of the information system (e.g., software component, hardware component) where the event occurred; (iii) type of event; (iv) user/subject identity; and (v) the outcome (success or failure) of the event. NIST Special Publication 800-92 provides guidance on computer security log management.
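Added example (not part of the control text): a checker that reads JSON-lines audit records and reports which of the five content elements (i) through (v) each record lacks. The field names, the JSON format and the sample records are assumptions made for this example; the control does not prescribe a schema.

```python
import json

# AU-3 content elements (i)-(v) mapped to field names. The field names are
# assumptions for this example; the control does not prescribe a schema.
REQUIRED = {
    "timestamp": "(i) date and time of the event",
    "component": "(ii) component where the event occurred",
    "event_type": "(iii) type of event",
    "subject": "(iv) user/subject identity",
    "outcome": "(v) outcome of the event",
}
VALID_OUTCOMES = {"success", "failure"}

def check_record(line):
    """Return the list of AU-3 content gaps for one JSON audit record."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return ["record is not parseable JSON"]
    if not isinstance(rec, dict):
        return ["record is not a JSON object"]
    gaps = []
    for field, meaning in REQUIRED.items():
        # A present-but-empty value establishes nothing, so treat it as missing.
        if rec.get(field) is None or not str(rec[field]).strip():
            gaps.append(f"missing {field}: {meaning}")
    outcome = "" if rec.get("outcome") is None else str(rec["outcome"]).strip().lower()
    if outcome and outcome not in VALID_OUTCOMES:
        gaps.append(f"outcome {rec['outcome']!r} is not success or failure")
    return gaps

def audit_log(lines):
    """Map 1-based line number to gaps, only for records that fall short."""
    report = {}
    for n, line in enumerate(lines, 1):
        gaps = check_record(line) if line.strip() else []
        if gaps:
            report[n] = gaps
    return report

# Constructed sample records (not from any real system).
SAMPLE = [
    '{"timestamp":"2024-01-01T10:00:00Z","component":"sshd","event_type":"login","subject":"alice","outcome":"failure"}',
    '{"timestamp":"2024-01-01T10:00:05Z","component":"sshd","event_type":"login","subject":"","outcome":"success"}',
    '{"timestamp":"2024-01-01T10:00:09Z","event_type":"file_delete","subject":"bob","outcome":"done"}',
    'sshd: something happened',
]

if __name__ == "__main__":
    print(audit_log(SAMPLE))
```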

Control Enhancements:

(1) The information system provides the capability to include additional, more detailed information in the audit records for audit events identified by type, location, or subject.

(2) The information system provides the capability to centrally manage the content of audit records generated by individual components throughout the system.

Baseline: LOW: AU-3; MOD: AU-3 (1); HIGH: AU-3 (1) (2)

Family: Audit And Accountability

Class: Technical

ISO 17799 mapping: 10.10.1, 10.10.4

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 10.3