AU-16(3)

  • Requirement

    Implement [Assignment: organization-defined measures] to disassociate individuals from audit information transmitted across organizational boundaries.

  • Discussion

    Preserving identities in audit trails could have privacy ramifications, such as enabling the tracking and profiling of individuals, but may not be operationally necessary. These risks could be further amplified when transmitting information across organizational boundaries. Implementing privacy-enhancing cryptographic techniques can disassociate individuals from audit information and reduce privacy risk while maintaining accountability.

More Info

  • Title

    Cross-organizational Audit Logging | Disassociability
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!