FedRAMP - Additional Audit Information AU-3(1)

Overview:
The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental Guidance:
Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.

Action Items:
1) Ensure audit records contain pertinent information to the event and not extraneous information

Related Documents:
1) Audit and Accountability Policy

2) Logging and Monitoring Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
[Assignment: organization-defined additional, more detailed information]
Parameter: [session, connection, transaction, or activity duration; for client-server transactions, the number of bytes received and bytes sent; additional informational messages to diagnose or identify the event; characteristics that describe or identify the object or resource being acted upon]

Moderate Additional FedRAMP Requirements and Guidance
The service provider defines audit record types. The audit record types are approved and accepted by the JAB/AO. Guidance: For client-server transactions, the number of bytes sent and received gives bidirectional transfer information that can be helpful during an investigation or inquiry.