| ๐ผ AU-1 Policy and Procedures | | | | |
| ๐ผ AU-2 Event Logging | 4 | | 6 | |
| ย ย ย ย ๐ผ AU-2(1) Event Logging _ Compilation of Audit Records from Multiple Sources | | | | |
| ย ย ย ย ๐ผ AU-2(2) Event Logging _ Selection of Audit Events by Component | | | | |
| ย ย ย ย ๐ผ AU-2(3) Event Logging _ Reviews and Updates | | | | |
| ย ย ย ย ๐ผ AU-2(4) Event Logging _ Privileged Functions | | | | |
| ๐ผ AU-3 Content of Audit Records | 3 | | 6 | |
| ย ย ย ย ๐ผ AU-3(1) Content of Audit Records _ Additional Audit Information | | 13 | 14 | |
| ย ย ย ย ๐ผ AU-3(2) Content of Audit Records _ Centralized Management of Planned Audit Record Content | | | | |
| ย ย ย ย ๐ผ AU-3(3) Content of Audit Records _ Limit Personally Identifiable Information Elements | | | | |
| ๐ผ AU-4 Audit Log Storage Capacity | 1 | | | |
| ย ย ย ย ๐ผ AU-4(1) Audit Log Storage Capacity _ Transfer to Alternate Storage | | | | |
| ๐ผ AU-5 Response to Audit Logging Process Failures | 5 | | | |
| �ย ย ย ย ๐ผ AU-5(1) Response to Audit Logging Process Failures _ Storage Capacity Warning | | | | |
| ย ย ย ย ๐ผ AU-5(2) Response to Audit Logging Process Failures _ Real-time Alerts | | | | |
| ย ย ย ย ๐ผ AU-5(3) Response to Audit Logging Process Failures _ Configurable Traffic Volume Thresholds | | | | |
| ย ย ย ย ๐ผ AU-5(4) Response to Audit Logging Process Failures _ Shutdown on Failure | | | | |
| ย ย ย ย ๐ผ AU-5(5) Response to Audit Logging Process Failures _ Alternate Audit Logging Capability | | | | |
| ๐ผ AU-6 Audit Record Review, Analysis, and Reporting | 10 | | | |
| ย ย ย ย ๐ผ AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration | | 1 | 1 | |
| ย ย ย ย ๐ผ AU-6(2) Audit Record Review, Analysis, and Reporting _ Automated Security Alerts | | | | |
| ย ย ย ย ๐ผ AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories | | | 6 | |
| ย ย ย ย ๐ผ AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis | | | 6 | |
| ย ย ย ย ๐ผ AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records | | | | |
| ย ย ย ย ๐ผ AU-6(6) Audit Record Review, Analysis, and Reporting _ Correlation with Physical Monitoring | | | | |
| ย ย ย ย ๐ผ AU-6(7) Audit Record Review, Analysis, and Reporting _ Permitted Actions | | | | |
| ย ย ย ย ๐ผ AU-6(8) Audit Record Review, Analysis, and Reporting _ Full Text Analysis of Privileged Commands | | | | |
| ย ย ย ย ๐ผ AU-6(9) Audit Record Review, Analysis, and Reporting _ Correlation with Information from Nontechnical Sources | | | | |
| ย ย ย ย ๐ผ AU-6(10) Audit Record Review, Analysis, and Reporting _ Audit Level Adjustment | | | | |
| ๐ผ AU-7 Audit Record Reduction and Report Generation | 2 | | | |
| ย ย ย ย ๐ผ AU-7(1) Audit Record Reduction and Report Generation _ Automatic Processing | | 1 | 1 | |
| ย ย ย ย ๐ผ AU-7(2) Audit Record Reduction and Report Generation _ Automatic Sort and Search | | | | |
| ๐ผ AU-8 Time Stamps | 2 | | | |
| ย ย ย ย ๐ผ AU-8(1) Time Stamps _ Synchronization with Authoritative Time Source | | | | |
| ย ย ย ย ๐ผ AU-8(2) Time Stamps _ Secondary Authoritative Time Source | | | | |
| ๐ผ AU-9 Protection of Audit Information | 7 | | 2 | |
| ย ย ย ย ๐ผ AU-9(1) Protection of Audit Information _ Hardware Write-once Media | | | | |
| ย ย ย ย ๐ผ AU-9(2) Protection of Audit Information _ Store on Separate Physical Systems or Components | | | | |
| ย ย ย ย ๐ผ AU-9(3) Protection of Audit Information _ Cryptographic Protection | | | | |
| ย ย ย ย ๐ผ AU-9(4) Protection of Audit Information _ Access by Subset of Privileged Users | | 2 | 2 | |
| ย ย ย ย ๐ผ AU-9(5) Protection of Audit Information _ Dual Authorization | | | | |
| ย ย ย ย ๐ผ AU-9(6) Protection of Audit Information _ Read-only Access | | | | |
| ย ย ย ย ๐ผ AU-9(7) Protection of Audit Information _ Store on Component with Different Operating System | | | | |
| ๐ผ AU-10 Non-repudiation | 5 | | 5 | |
| ย ย ย ย ๐ผ AU-10(1) Non-repudiation _ Association of Identities | | | | |
| ย ย ย ย ๐ผ AU-10(2) Non-repudiation _ Validate Binding of Information Producer Identity | | | | |
| ย ย ย ย ๐ผ AU-10(3) Non-repudiation _ Chain of Custody | | | | |
| ย ย ย ย ๐ผ AU-10(4) Non-repudiation _ Validate Binding of Information Reviewer Identity | | | | |
| ย ย ย ย ๐ผ AU-10(5) Non-repudiation _ Digital Signatures | | | | |
| ๐ผ AU-11 Audit Record Retention | 1 | | | |
| ย ย ย ย ๐ผ AU-11(1) Audit Record Retention _ Long-term Retrieval Capability | | | | |
| ๐ผ AU-12 Audit Record Generation | 4 | 45 | 47 | |
| ย ย ย ย ๐ผ AU-12(1) Audit Record Generation _ System-wide and Time-correlated Audit Trail | | | | |
| ย ย ย ย ๐ผ AU-12(2) Audit Record Generation _ Standardized Formats | | | | |
| ย ย ย ย ๐ผ AU-12(3) Audit Record Generation _ Changes by Authorized Individuals | | | | |
| ย ย ย ย ๐ผ AU-12(4) Audit Record Generation _ Query Parameter Audits of Personally Identifiable Information | | | | |
| ๐ผ AU-13 Monitoring for Information Disclosure | 3 | | | |
| ย ย ย ย ๐ผ AU-13(1) Monitoring for Information Disclosure _ Use of Automated Tools | | | | |
| ย ย ย ย ๐ผ AU-13(2) Monitoring for Information Disclosure _ Review of Monitored Sites | | | | |
| ย ย ย ย ๐ผ AU-13(3) Monitoring for Information Disclosure _ Unauthorized Replication of Information | | | | |
| ๐ผ AU-14 Session Audit | 3 | | | |
| ย ย ย ย ๐ผ AU-14(1) Session Audit _ System Start-up | | | 1 | |
| ย ย ย ย ๐ผ AU-14(2) Session Audit _ Capture and Record Content | | | | |
| ย ย ย ย ๐ผ AU-14(3) Session Audit _ Remote Viewing and Listening | | | | |
| ๐ผ AU-15 Alternate Audit Logging Capability | | | | |
| ๐ผ AU-16 Cross-organizational Audit Logging | 3 | | | |
| ย ย ย ย ๐ผ AU-16(1) Cross-organizational Audit Logging _ Identity Preservation | | | | |
| ย ย ย ย ๐ผ AU-16(2) Cross-organizational Audit Logging _ Sharing of Audit Information | | | | |
| ย ย ย ย ๐ผ AU-16(3) Cross-organizational Audit Logging _ Disassociability | | | | |