>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

5.4.1Auditable Events and Content

>Control Description

The agency’s information system shall generate audit records for defined events. These defined events include identifying significant events which need to be audited as relevant to the security of the information system. The agency shall specify which information system components carry out auditing activities. Auditing activity can affect information system performance and this issue must be considered as a separate factor during the acquisition of information systems. The agency’s information system shall produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events. The agency shall periodically review and update the list of agency-defined auditable events. In the event an agency does not use an automated system, manual recording of activities shall still take place.

>Cross-Framework Mappings

SCF

MON-01.13
Compare
MON-01.16
Compare
MON-01.2
Compare
MON-01.3
Compare
MON-01.4
Compare
MON-02
Compare
MON-02.1
Compare
MON-03
Compare

Ask AI

Configure your API key to use AI features.