| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | AU-6(7) | FedRAMP_High_R4_AU-6(7) | FedRAMP High AU-6 (7) | Audit And Accountability | Permitted Actions | Shared | n/a | The organization specifies the permitted actions for each [Selection (one or more): information system process; role; user] associated with the review, analysis, and reporting of audit information. Supplemental Guidance: Organizations specify permitted actions for information system processes, roles, and/or users associated with the review, analysis, and reporting of audit records through account management techniques. Specifying permitted actions on audit information is a way to enforce the principle of least privilege. Permitted actions are enforced by the information system and include, for example, read, write, execute, append, and delete. | link | 1 |
| hipaa | 0202.09j1Organizational.3-09.j | hipaa-0202.09j1Organizational.3-09.j | 0202.09j1Organizational.3-09.j | 02 Endpoint Protection | 0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code | Shared | n/a | Audit logs of the scans are maintained. | | 15 |
| hipaa | 12101.09ab1Organizational.3-09.ab | hipaa-12101.09ab1Organizational.3-09.ab | 12101.09ab1Organizational.3-09.ab | 12 Audit Logging & Monitoring | 12101.09ab1Organizational.3-09.ab 09.10 Monitoring | Shared | n/a | The organization specifies how often audit logs are reviewed, how the reviews are documented, and the specific roles and responsibilities of the personnel conducting the reviews, including the professional certifications or other qualifications required. | | 18 |
| NIST_SP_800-53_R4 | AU-6(7) | NIST_SP_800-53_R4_AU-6(7) | NIST SP 800-53 Rev. 4 AU-6 (7) | Audit And Accountability | Permitted Actions | Shared | n/a | The organization specifies the permitted actions for each [Selection (one or more): information system process; role; user] associated with the review, analysis, and reporting of audit information. Supplemental Guidance: Organizations specify permitted actions for information system processes, roles, and/or users associated with the review, analysis, and reporting of audit records through account management techniques. Specifying permitted actions on audit information is a way to enforce the principle of least privilege. Permitted actions are enforced by the information system and include, for example, read, write, execute, append, and delete. | link | 1 |
| NIST_SP_800-53_R5 | AU-6(7) | NIST_SP_800-53_R5_AU-6(7) | NIST SP 800-53 Rev. 5 AU-6 (7) | Audit and Accountability | Permitted Actions | Shared | n/a | Specify the permitted actions for each [Selection (OneOrMore): system process; role; user] associated with the review, analysis, and reporting of audit record information. | link | 1 |