AU-3(3)

  • Requirement

    Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].

  • Discussion

    Limiting personally identifiable information in audit records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.

More Info

  • Title

    Content of Audit Records | Limit Personally Identifiable Information Elements
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID

    RA-3

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!