3.3.2

  • Requirement

    a. Include the following content in audit records:
       1. What type of event occurred
       2. When the event occurred
       3. Where the event occurred
       4. Source of the event
       5. Outcome of the event
       6. Identity of the individuals, subjects, objects, or entities associated with the event
    b. Provide additional information for audit records as needed.

  • Discussion

    Audit record content that may be necessary to support the auditing function includes time stamps, source and destination addresses, user or process identifiers, event descriptions, file names, and the access control or flow control rules that are invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the system after the event occurred). Detailed information that organizations consider in audit records may include a full text recording of privileged commands or the individual identities of group account users.
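
    One way to check that collected records carry the six content elements of part a, plus the individual identity behind a group account from part b. This is an added example, not part of the requirement text; the JSON field names, the shared-account list, the UTC-offset rule and the sample records are all assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Field names are hypothetical; map them to your own log schema.
REQUIRED = {
    "event_type": "what type of event occurred",
    "timestamp": "when the event occurred",
    "location": "where the event occurred",
    "source": "source of the event",
    "outcome": "outcome of the event",
    "identity": "identity associated with the event",
}
SHARED_ACCOUNTS = {"root", "svc-backup"}  # constructed list of group accounts

def check_record(record: dict) -> list[str]:
    """Return one finding per content element that is absent or unusable."""
    findings = [f"{f}: missing ({desc})" for f, desc in REQUIRED.items()
                if record.get(f) is None or not str(record[f]).strip()]
    ts = record.get("timestamp")
    if isinstance(ts, str) and ts.strip():
        try:
            if datetime.fromisoformat(ts.replace("Z", "+00:00")).tzinfo is None:
                findings.append("timestamp: no UTC offset")  # assumed local policy
        except ValueError:
            findings.append("timestamp: not ISO 8601")
    # Part b: a group account alone does not identify the individual user.
    if str(record.get("identity")) in SHARED_ACCOUNTS and not record.get("individual"):
        findings.append("identity: group account without individual identity")
    return findings

def audit_gaps(lines: list[str]) -> dict[int, list[str]]:
    """Check JSON-lines records; keys are 1-based line numbers with findings."""
    gaps = {}
    for n, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
            findings = check_record(record) if isinstance(record, dict) else ["not a JSON object"]
        except json.JSONDecodeError:
            findings = ["not valid JSON"]
        if findings:
            gaps[n] = findings
    return gaps

# Constructed sample records, not from any real system.
SAMPLE = [
    '{"event_type":"logon","timestamp":"2024-05-01T12:00:00Z","location":"ws-014","source":"10.0.0.5","outcome":"success","identity":"jdoe"}',
    '{"event_type":"sudo","timestamp":"2024-05-01 12:03:10","location":"srv-02","source":"tty1","outcome":"failure","identity":"root"}',
    '{"event_type":"file_read","timestamp":"2024-05-01T12:05:00+00:00","location":"srv-02","outcome":"","identity":"jdoe"}',
]
```

    Calling audit_gaps(SAMPLE) returns findings only for the second and third records; the first carries every element and is not reported.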

More Info

  • Family

    Audit and Accountability
  • Related NIST 800-53 ID

    AU-03, AU-03(01)
  • Reference Documents

    • N/A
