AU.L2-3.3.4—Audit Failure Alerting
Level 2
800-171: 3.3.4
>Control Description
Alert in the event of an audit logging process failure.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern implementation of Audit Failure Alerting?
- •Who is responsible for overseeing compliance with this requirement?
- •How do you communicate requirements to relevant personnel?
- •How often do you review and update policies related to this control?
- •What governance process ensures consistent implementation across the organization?
Technical Implementation:
- •What technologies and tools implement Audit Failure Alerting?
- •How do you technically enforce this requirement?
- •What automated mechanisms support this control?
- •What logging or monitoring provides visibility into implementation?
- •How do you verify technical implementation is functioning correctly?
Evidence & Documentation:
- •What audit logging configuration documentation can you provide?
- •What sample audit logs demonstrate required events are logged?
- •What audit log review documentation shows periodic review?
- •What SIEM screenshots show audit log aggregation and analysis?
- •What audit retention documentation shows logs are retained per policy?
- •What evidence shows audit logs are protected from modification?
Ask AI
Configure your API key to use AI features.