Audit Events (AU-2)

An audit event is the discovery, by the monitoring and analysis of system logs, of any action that potentially impacts the security of data, hardware, or software.

Content of Audit Records (AU-3)

This Control addresses how information resources generate audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

Audit Storage Capacity (AU-4)

The data storage capacity of information resources accommodates audit records.

Response to Audit Processing Failures (AU-5)

Automated alerts are generated to provide notification of an audit processing failure.

Audit Review, Analysis, and Reporting (AU-6)

The University regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to appropriate management, and takes necessary actions.

Time Stamps (AU-8)

Information resources are configured to use internal system clocks to generate time stamps for audit records.

Protection of Audit Information (AU-9)

Failure to restrict access to logging facilities and log information may result in unauthorized access, log information tampering and loss of user activity evidence.

Audit Generation (AU-12)

Audit generation entails the planning and execution of IT logging activities to detect potential compromise of critical business processes and data.