AU-6(5) Audit Record Review, Analysis, and Reporting | Integrated Analysis of Audit Records

IL4 High
IL5
IL6

>Control Description

Integrate analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; system monitoring information; organization-defined data/information collected from other sources] to further enhance the ability to identify inappropriate or unusual activity.

>DoD Impact Level Requirements

FedRAMP Parameter Values

AU-6 (5) [Selection (one or more): vulnerability scanning information; performance data; information system monitoring information; penetration test data; [Organization-defined data/information collected from other sources]]

>Discussion

Integrated analysis of audit records does not require vulnerability scanning, the generation of performance data, or system monitoring. Rather, integrated analysis requires that the analysis of information generated by scanning, monitoring, or other data collection activities is integrated with the analysis of audit record information. Security Information and Event Management tools can facilitate audit record aggregation or consolidation from multiple system components as well as audit record correlation and analysis.

The use of standardized audit record analysis scripts developed by organizations (with localized script adjustments, as necessary) provides more cost-effective approaches for analyzing audit record information collected. The correlation of audit record information with vulnerability scanning information is important in determining the veracity of vulnerability scans of the system and in correlating attack detection events with scanning results. Correlation with performance data can uncover denial-of-service attacks or other types of attacks that result in the unauthorized use of resources.

Correlation with system monitoring information can assist in uncovering attacks and in better relating audit information to operational situations.
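
An added example, not part of the control text or of any product's tooling: a small analysis script of the kind the discussion describes, joining detection events from audit records with vulnerability scan results. The record layouts, addresses, labels, and CVE-XXXX placeholders are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from any real system).
SCANNER_IP = "10.0.0.5"
SCAN_WINDOW = (datetime(2024, 1, 10, 2, 0), datetime(2024, 1, 10, 4, 0))
SCAN_TARGETS = {"10.0.1.10", "10.0.1.11", "10.0.1.12"}
# Scanner findings: (host, placeholder vulnerability id)
FINDINGS = {("10.0.1.10", "CVE-XXXX-0001"), ("10.0.1.11", "CVE-XXXX-0002")}
# Audit/detection records: (time, source, destination, vulnerability id of the signature)
EVENTS = [
    (datetime(2024, 1, 10, 2, 15), "10.0.0.5", "10.0.1.10", "CVE-XXXX-0001"),
    (datetime(2024, 1, 10, 2, 20), "10.0.0.5", "10.0.1.11", "CVE-XXXX-0002"),
    (datetime(2024, 1, 11, 9, 30), "198.51.100.7", "10.0.1.10", "CVE-XXXX-0001"),
    (datetime(2024, 1, 11, 9, 31), "198.51.100.7", "10.0.1.11", "CVE-XXXX-0001"),
]

def classify(event, findings=FINDINGS, scanner=SCANNER_IP, window=SCAN_WINDOW):
    """Label one detection event using the scan data."""
    ts, src, dst, vuln = event
    if src == scanner and window[0] <= ts <= window[1]:
        return "authorized-scan"  # expected traffic from the organization's own scanner
    if (dst, vuln) in findings:
        return "escalate"         # attack aimed at a host the scan reports as vulnerable
    return "review"               # attack seen, but no matching scan finding

def unverified_targets(events=EVENTS, targets=SCAN_TARGETS,
                       scanner=SCANNER_IP, window=SCAN_WINDOW):
    """Hosts the scan claims to cover with no audit record of scanner traffic."""
    seen = {dst for ts, src, dst, _ in events
            if src == scanner and window[0] <= ts <= window[1]}
    return sorted(targets - seen)

def report(events=EVENTS):
    """Return (source, destination, label) for every detection event."""
    return [(e[1], e[2], classify(e)) for e in events]

if __name__ == "__main__":
    for row in report():
        print(row)
    print("scan coverage not confirmed by audit records:", unverified_targets())
```

The second function covers the scan-veracity side of the correlation: a target listed in the scan but absent from the audit trail suggests the scan never reached it, so a clean result for that host should not be trusted.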

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-6(5) (Integrated Analysis Of Audit Records)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-6(5)?
  • How frequently is the AU-6(5) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-6(5)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-6(5) requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-6(5)?
  • How is AU-6(5) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-6(5) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-6(5)?
  • What audit logs, records, reports, or monitoring data validate AU-6(5) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-6(5) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-6(5) compliance?