compliance controls are associated with this Policy definition 'Integrate Audit record analysis' (85335602-93f5-7730-830b-d43426fd51fa)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
AU-6(5) |
FedRAMP_High_R4_AU-6(5) |
FedRAMP High AU-6 (5) |
Audit And Accountability |
Integration / Scanning And Monitoring Capabilities |
Shared |
n/a |
The organization integrates analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; information system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity.
Supplemental Guidance: This control enhancement does not require vulnerability scanning, the generation of performance data, or information system monitoring. Rather, the enhancement requires that the analysis of information being otherwise produced in these areas is integrated with the analysis of audit information. Security Event and Information Management System tools can facilitate audit record aggregation/consolidation from multiple information system components as well as audit record correlation and analysis. The use of standardized audit record analysis scripts developed by organizations (with localized script adjustments, as necessary) provides more cost-effective approaches for analyzing audit record information collected. The correlation of audit record information with vulnerability scanning information is important in determining the veracity of vulnerability scans and correlating attack detection events with scanning results. Correlation with performance data can help uncover denial of service attacks or cyber attacks resulting in unauthorized use of resources. Correlation with system monitoring information can assist in uncovering attacks and in better relating audit information to operational situations. Related controls: AU-12, IR-4, RA-5. |
link |
32 |
| hipaa |
0202.09j1Organizational.3-09.j |
hipaa-0202.09j1Organizational.3-09.j |
0202.09j1Organizational.3-09.j |
02 Endpoint Protection |
0202.09j1Organizational.3-09.j 09.04 Protection Against Malicious and Mobile Code |
Shared |
n/a |
Audit logs of the scans are maintained. |
|
15 |
| hipaa |
1519.11c2Organizational.2-11.c |
hipaa-1519.11c2Organizational.2-11.c |
1519.11c2Organizational.2-11.c |
15 Incident Management |
1519.11c2Organizational.2-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
For unauthorized disclosures of covered information, a log is maintained and annually submitted to the appropriate parties (e.g., a state, regional or national regulatory agency). |
|
14 |
| NIST_SP_800-171_R2_3 |
.3.5 |
NIST_SP_800-171_R2_3.3.5 |
NIST SP 800-171 R2 3.3.5 |
Audit and Accountability |
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Correlating audit record review, analysis, and reporting processes helps to ensure that they do not operate independently, but rather collectively. Regarding the assessment of a given organizational system, the requirement is agnostic as to whether this correlation is applied at the system level or at the organization level across all systems. |
link |
13 |
| NIST_SP_800-53_R4 |
AU-6(5) |
NIST_SP_800-53_R4_AU-6(5) |
NIST SP 800-53 Rev. 4 AU-6 (5) |
Audit And Accountability |
Integration / Scanning And Monitoring Capabilities |
Shared |
n/a |
The organization integrates analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; information system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity.
Supplemental Guidance: This control enhancement does not require vulnerability scanning, the generation of performance data, or information system monitoring. Rather, the enhancement requires that the analysis of information being otherwise produced in these areas is integrated with the analysis of audit information. Security Event and Information Management System tools can facilitate audit record aggregation/consolidation from multiple information system components as well as audit record correlation and analysis. The use of standardized audit record analysis scripts developed by organizations (with localized script adjustments, as necessary) provides more cost-effective approaches for analyzing audit record information collected. The correlation of audit record information with vulnerability scanning information is important in determining the veracity of vulnerability scans and correlating attack detection events with scanning results. Correlation with performance data can help uncover denial of service attacks or cyber attacks resulting in unauthorized use of resources. Correlation with system monitoring information can assist in uncovering attacks and in better relating audit information to operational situations. Related controls: AU-12, IR-4, RA-5. |
link |
32 |
| NIST_SP_800-53_R5 |
AU-6(5) |
NIST_SP_800-53_R5_AU-6(5) |
NIST SP 800-53 Rev. 5 AU-6 (5) |
Audit and Accountability |
Integrated Analysis of Audit Records |
Shared |
n/a |
Integrate analysis of audit records with analysis of [Selection (OneOrMore): vulnerability scanning information;performance data;system monitoring information; [Assignment: organization-defined data/information collected from other sources] ] to further enhance the ability to identify inappropriate or unusual activity. |
link |
32 |