>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU-12(3)Audit Record Generation | Changes by Authorized Individuals

IL4 High
IL5
IL6

>Control Description

Provide and implement the capability for organization-defined individuals or roles to change the logging to be performed on organization-defined system components based on organization-defined selectable event criteria within organization-defined time thresholds.

>DoD Impact Level Requirements

FedRAMP Parameter Values

AU-12 (3)-1 [service provider-defined individuals or roles with audit configuration responsibilities] AU-12 (3)-2 [all network, data storage, and computing devices]

>Discussion

Permitting authorized individuals to make changes to system logging enables organizations to extend or limit logging as necessary to meet organizational requirements. Logging that is limited to conserve system resources may be extended (either temporarily or permanently) to address certain threat situations. In addition, logging may be limited to a specific set of event types to facilitate audit reduction, analysis, and reporting.

Organizations can establish time thresholds in which logging actions are changed (e.g., near real-time, within minutes, or within hours).

>Related Controls

AC-3

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-12(3) (Changes By Authorized Individuals)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-12(3)?
  • How frequently is the AU-12(3) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-12(3)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-12(3) requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-12(3)?
  • How is AU-12(3) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-12(3) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-12(3)?
  • What audit logs, records, reports, or monitoring data validate AU-12(3) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-12(3) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-12(3) compliance?

Ask AI

Configure your API key to use AI features.