Overview:
Alert in the event of an audit process failure.
Action Items:
3.3.4[a]
Determine if: personnel or roles to be alerted in the event of an audit logging process failure are identified.
3.3.4[b]
Determine if: types of audit logging process failures for which alert will be generated are defined.
3.3.4[c]
Determine if: identified personnel or roles are alerted in the event of an audit logging process failure.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1
Examine: Audit and accountability policy; procedures addressing response to audit logging processing failures; system design documentation; system security plan; system configuration settings and associated documentation; list of personnel to be notified in case of an audit logging processing failure; system incident reports; system audit logs and records; other relevant documents or records].
2
Interview: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators; system developers].
3
Test: Mechanisms implementing system response to audit logging processing failures].
Related Documents (document name and content will vary by organization):
1) Audit and accountability policy
2) procedures addressing response to audit logging processing failures
3) system design documentation
4) system security plan
5) system configuration settings and associated documentation
6) list of personnel to be notified in case of an audit logging processing failure
7) system incident reports
8) system audit logs and records
9) other relevant documents or records
Additional Guidance:
Audit logging process failures include, for example, software/hardware errors, failures in the audit record capturing mechanisms, and audit record storage capacity being reached or exceeded. This requirement applies to each audit record data storage repository (i.e., distinct system component where audit records are stored), the total audit record storage capacity of organizations (i.e., all audit record data storage repositories combined), or both.
Article ID: 134
Created: September 26, 2022
Last Updated: September 27, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/nist-800-171-alert-audit-processing-failure-3-3-4-134.html