Skip to main content

πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)

  • Contextual name: πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)
  • ID: /frameworks/fedramp-high-security-controls/au/06
  • Located in: πŸ’Ό Audit and Accountability

Description​

a. Review and analyze system audit records [FedRAMP Assignment: at least weekly] for indications of [Assignment: organization-defined inappropriate or unusual activity] and the potential impact of the inappropriate or unusual activity;

b. Report findings to [Assignment: organization-defined personnel or roles]; and

c. Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

AU-6 Additional FedRAMP Requirements and Guidance:

Requirement: Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented.

Similar​

  • Sections
    • /frameworks/nist-sp-800-53-r5/au/06
  • Internal
    • ID: dec-c-9bf5fa59

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting1017

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)23
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)226

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AU-6(1) Automated Process Integration (M)(H)1
πŸ’Ό AU-6(3) Correlate Audit Record Repositories (M)(H)6
πŸ’Ό AU-6(4) Central Review and Analysis (H)6
πŸ’Ό AU-6(5) Integrated Analysis of Audit Records (H)
πŸ’Ό AU-6(6) Correlation with Physical Monitoring (H)
πŸ’Ό AU-6(7) Permitted Actions (H)

Policies (23)​

PolicyLogic CountFlags
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS Account Multi-Region CloudTrail is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟒1🟒 x6
πŸ“ AWS IAM Policy allows full administrative privileges 🟒1🟒 x6
πŸ“ AWS S3 Bucket Server Access Logging is not enabled 🟒1🟒 x6
πŸ“ AWS VPC Flow Logs are not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ Azure Diagnostic Setting for Azure Key Vault is not enabled 🟒🟒 x3
πŸ“ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure SQL Server Auditing Retention is less than 90 days 🟒1🟒 x6
πŸ“ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Security Alert Notifications additional email address is not configured 🟒1🟒 x6
πŸ“ Azure Subscription Security Alert Notifications to subscription owners are not configured 🟒1🟒 x6
πŸ“ Microsoft Defender For Cloud Integration With Microsoft Defender For Cloud Apps is not enabled 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0c82d7751
βœ‰οΈ dec-x-8a1ecfd01
βœ‰οΈ dec-x-9b79d91f1
βœ‰οΈ dec-x-9c0416671
βœ‰οΈ dec-x-20c9ef831
βœ‰οΈ dec-x-24bba4831
βœ‰οΈ dec-x-52ca19601
βœ‰οΈ dec-x-89d5ed7a1
βœ‰οΈ dec-x-157aa4b91
βœ‰οΈ dec-x-351e376f1
βœ‰οΈ dec-x-611eaa351
βœ‰οΈ dec-x-1518c16e1
βœ‰οΈ dec-x-79579ed71
βœ‰οΈ dec-x-9002886f1
βœ‰οΈ dec-x-ab7fc52e1
βœ‰οΈ dec-x-b2ce0ca11
βœ‰οΈ dec-x-c397d3ca2
βœ‰οΈ dec-x-db1b7a1b1
βœ‰οΈ dec-x-dc359e591
βœ‰οΈ dec-x-e00143332
βœ‰οΈ dec-z-3f480eb51