💼 AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)

• ID: /frameworks/fedramp-moderate-security-controls/au/06

Description

a. Review and analyze system audit records [FedRAMP Assignment: at least weekly] for indications of [Assignment: organization-defined inappropriate or unusual activity] and the potential impact of the inappropriate or unusual activity;

b. Report findings to [Assignment: organization-defined personnel or roles]; and

c. Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.

AU-6 Additional FedRAMP Requirements and Guidance:

Requirement: Coordination between service provider and consumer shall be documented and accepted by the JAB/AO. In multi-tenant environments, capability and means for providing review, analysis, and reporting to consumer for data pertaining to consumer shall be documented.

Similar

• Sections
  • /frameworks/fedramp-high-security-controls/au/06
• Internal
  • ID: dec-c-9bf5fa59

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AU-6 Audit Record Review, Analysis, and Reporting (L)(M)(H)	6	20	32		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AU-6(1) Automated Process Integration (M)(H)			3		no data
💼 AU-6(3) Correlate Audit Record Repositories (M)(H)			8		no data

Policies (24)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS IAM Policy allows full administrative privileges🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Integration With Microsoft Defender For Cloud Apps is not enabled🟢	1	🟢 x6	no data
🛡️ Azure Subscription Security Alert Notifications additional email address is not configured🟢	1	🟢 x6	no data
🛡️ Azure Subscription Security Alert Notifications to subscription owners are not configured🟢	1	🟢 x6	no data
🛡️ Google Cloud Audit Logging is not configured properly🟢	1	🟢 x6	no data
🛡️ Google GCE Network DNS Policy Logging is not enabled🟢	1	🟢 x6	no data