Overview:
The organization reviews and updates the audited events [Assignment: organization-defined frequency].
Supplemental Guidance:
Over time, the events that organizations believe should be audited may change. Reviewing and updating the set of audited events periodically is necessary to ensure that the current set is still necessary and sufficient.
Action Items:
1) Establish procedures to review logs and monitoring events
Related Documents:
1) Audit and Accountability Policy
2) Logging and Monitoring Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
[annually or whenever there is a change in the threat environment]
Moderate Additional FedRAMP Requirements and Guidance
Annually or whenever changes in the threat environment are communicated to the service provider by the JAB.
Article ID: 608
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/fedramp-reviews-and-updates-au-2-3-608.html