AU-6(8)

  • Requirement

    Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system, or other system that is dedicated to that analysis.

  • Discussion

    Full text analysis of privileged commands requires a distinct environment for the analysis of audit record information related to privileged users without compromising such information on the system where the users have elevated privileges, including the capability to execute privileged commands. Full text analysis refers to analysis that considers the full text of privileged commands (i.e., commands and parameters) as opposed to analysis that considers only the name of the command. Full text analysis includes the use of pattern matching and heuristics.

More Info

  • Title

    Audit Record Review, Analysis, and Reporting | Full Text Analysis of Privileged Commands
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AU-3;AU-9;AU-11;AU-12

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!