Audit Record Content from NIST 800-171 Rev 3 framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Access Control
Awareness and Training
- Literacy Training and Awareness
- Role-Based Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Personnel Security
- Personnel Screening
- Personnel Termination and Transfer
Physical Protection
Risk Assessment
Security Assessment and Monitoring
System and Communications Protection
System and Information Integrity
Planning
System and Services Acquisition
Supply Chain Risk Management

Audit Record Content

03.03.02: Audit Record Content

a. Include the following content in audit records:
     01. What type of event occurred
     02. When the event occurred
     03. Where the event occurred
     04. Source of the event
     05. Outcome of the event
     06. Identity of the individuals, subjects, objects, or entities associated with the event
b. Provide additional information for audit records as needed.

Description

Audit record content that may be necessary to support the auditing function includes time stamps, source and destination addresses, user or process identifiers, event descriptions, file names, and the access control or flow control rules that are invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the system after the event occurred). Detailed information that organizations consider in audit records may include a full text recording of privileged commands or the individual identities of group account users.