📊 AU — Audit and Accountability
Create, protect, and retain audit logs to enable monitoring and investigation
9 Practices
Create and retain system audit logs and records
This control requires organizations to create and keep detailed records of system activities, known as audit logs. These logs capture events like who ...
Ensure that actions of users can be uniquely traced to those users
This practice means that every action taken by a user on your systems must be linked back to their unique identity. Think of it like a security camera...
Review and update logged events
This control requires organizations to regularly review and update the events they log to ensure they capture the right information for security monit...
Alert in the event of an audit logging process failure
This practice requires organizations to set up alerts that notify relevant personnel when the audit logging process fails. Audit logging is crucial fo...
Correlate audit record review, analysis, and reporting for investigating and responding to indications of unlawful, unauthorized, suspicious, or unusual activity
This practice requires organizations to actively review and analyze audit logs to detect and respond to suspicious or unauthorized activities. It mean...
Provide audit record reduction and report generation to support on-demand analysis and reporting
This control requires organizations to have tools and processes in place to filter and summarize audit logs into reports that can be quickly analyzed....
Provide a system capability that compares and synchronizes internal system clocks
This practice ensures that all systems within your network have synchronized clocks, meaning they all show the same accurate time. This is crucial bec...
Protect audit information and audit logging tools from unauthorized access
This practice ensures that audit logs and the tools used to generate and manage them are secured against unauthorized access. Audit logs are records o...
Limit management of audit logging functionality to a subset of privileged users
This control means that only a small group of trusted, highly privileged users (like system administrators) should be able to configure, modify, or de...