💼 AU-2 Event Logging (L)(M)(H)

Contextual name: 💼 AU-2 Event Logging (L)(M)(H)
ID: /frameworks/fedramp-high-security-controls/au/02
Located in: 💼 Audit and Accountability

Description

a. Identify the types of events that the system is capable of logging in support of the audit function: [FedRAMP Assignment: successful and unsuccessful account logon events, account management events, object access, policy change, privilege functions, process tracking, and system events. For Web applications: all administrator activity, authentication checks, authorization checks, data deletions, data access, data changes, and permission changes];

b. Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged;

c. Specify the following event types for logging within the system: [FedRAMP Assignment: organization-defined subset of the auditable events defined in AU-2a to be audited continually for each identified event.];

d. Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and

e. Review and update the event types selected for logging [FedRAMP Assignment: annually and whenever there is a change in the threat environment].

AU-2 Additional FedRAMP Requirements and Guidance:

(e) Guidance: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO.

Requirement: Coordination between service provider and consumer shall be documented and accepted by the JAB/AO.

Similar

Sections
- /frameworks/nist-sp-800-53-r5/au/02
Internal
- ID: dec-c-17d0421b

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging	4		17

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			17
💼 FedRAMP Moderate Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			17

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (17)

Policy	Logic Count	Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢	1	🟢 x6
📝 AWS API Gateway API Access Logging in CloudWatch is not enabled 🟢	1	🟠 x1, 🟢 x5
📝 AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟢	1	🟢 x6
📝 AWS CloudFront Distribution Logging is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS DMS Migration Task Logging is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢	1	🟠 x1, 🟢 x5
📝 Google HTTP(S) Load Balancer Logging is not enabled 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟢	1	🟢 x6
📝 Google Logging Log Sink for All Log Entries is not configured 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (17)​