
NIST 800-171 - Audit Reduction and Report Generation (3.3.6)

Overview:
Provide audit reduction and report generation to support on-demand analysis and reporting.


Action Items:
3.3.6[a]
Determine if: an audit record reduction capability that supports on-demand analysis is provided.


3.3.6[b]
Determine if: a report generation capability that supports on-demand reporting is provided.


POTENTIAL ASSESSMENT METHODS AND OBJECTS


1) Examine: Audit and accountability policy; procedures addressing audit record reduction and report generation; system design documentation; system security plan; system configuration settings and associated documentation; audit record reduction, review, analysis, and reporting tools; system audit logs and records; other relevant documents or records.

2) Interview: Personnel with audit record reduction and report generation responsibilities; personnel with information security responsibilities.

3) Test: Audit record reduction and report generation capability.


Related Documents (document name and content will vary by organization):
1) Audit and accountability policy
2) procedures addressing audit record reduction and report generation
3) system design documentation
4) system security plan
5) system configuration settings and associated documentation
6) audit record reduction, review, analysis, and reporting tools
7) system audit logs and records
8) other relevant documents or records


Additional Guidance:
Audit record reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit record reduction and report generation capabilities do not always emanate from the same system or organizational entities conducting auditing activities. Audit record reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the system can help generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the time stamp in the record is insufficient.
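
The sketch below is an added example, not part of the NIST text: it reduces raw audit records to a filtered summary on demand, renders a report, and flags records whose order cannot be recovered because their time stamps only have one-second granularity. The log line format, field names, and sample records are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit records: "timestamp host user event outcome".
# Timestamps carry one-second granularity (an assumption for this example).
SAMPLE_LOG = """\
2024-05-01T09:15:02 ws01 alice logon success
2024-05-01T09:15:07 ws02 bob logon failure
2024-05-01T09:15:07 ws02 bob logon failure
2024-05-01T09:15:07 ws02 bob logon success
2024-05-01T09:16:30 fs01 alice file_read success
2024-05-01T09:17:45 fs01 bob file_delete failure
"""
FIELDS = ("time", "host", "user", "event", "outcome")

def parse(text):
    """Turn raw lines into dicts; keep the input line index as 'seq'."""
    records = []
    for seq, line in enumerate(text.splitlines()):
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip malformed lines rather than guess at fields
        rec = dict(zip(FIELDS, parts))
        rec["time"] = datetime.fromisoformat(rec["time"])
        rec["seq"] = seq
        records.append(rec)
    return records

def reduce_records(records, **filters):
    """On-demand reduction: filter on any field, count per (user, event, outcome)."""
    selected = [r for r in records if all(r[k] == v for k, v in filters.items())]
    return Counter((r["user"], r["event"], r["outcome"]) for r in selected)

def ambiguous_order(records):
    """Records sharing (host, time stamp): the stamp alone cannot order them."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["host"], r["time"])].append(r["seq"])
    return {k: v for k, v in groups.items() if len(v) > 1}

def report(records, **filters):
    """Render the reduced view as a text report, most frequent first."""
    rows = reduce_records(records, **filters).most_common()
    return "\n".join(f"{n:>4}  {u:<8}{e:<12}{o}" for (u, e, o), n in rows)

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(report(recs, outcome="failure"))
    print(ambiguous_order(recs))
```

In the sample, two failed logons and one successful logon on ws02 share a single time stamp, so whether the success followed the failures can only be established from a secondary ordering such as the collector's sequence number.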