FedRAMP Auditing the Use of Privileged Functions AC-6 (9)
Overview:
The information system audits the execution of privileged functions.
Supplemental Guidance:
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT).
Related controls: AU-2
Action Items:
1) Enable logging for all privileged functions and secure them
Related Documents:
1) Access Control Policy
2) Logging and Monitoring Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none