← Controls / AU

AU-03 Content Of Audit Records

Audit and Accountability

Low Moderate High

Description

The information system produces audit records that contain sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events.

Supplemental Guidance

Audit record content includes, for most audit records: (i) date and time of the event; (ii) the component of the information system (e.g., software component, hardware component) where the event occurred; (iii) type of event; (iv) user/subject identity; and (v) the outcome (success or failure) of the event. NIST Special Publication 800-92 provides guidance on computer security log management.

Compliance Mappings

ISO 27001:2022

7.5A.5.28A.8.15

ISO 27002:2022

5.288.15

COBIT 2019

DSS06

CIS Controls v8

CIS 1.3CIS 1.4CIS 13.6CIS 3.14CIS 8CIS 8.2CIS 8.5CIS 8.6CIS 8.7CIS 8.8

NIST CSF 2.0

PR.PS-04RS.AN-07

SOC 2 TSC

PI1.4

PCI DSS v4.0.1

10.2

CSA CCM v4

LOG-07LOG-08LOG-11LOG-12

CSA AICM v1

LOG-07LOG-08LOG-11LOG-12LOG-15

FINOS CCC

CCC-C04CCC-C17

ISO 42001:2023

A.6.2.8

IEC 62443

3-3 SR 2.8

APRA CPS 234

Para 22-23

ASD Essential Eight

E8-1 ML2

BSI IT-Grundschutz

OPS.1.1.5

ANSSI

Hygiene.29SecNumCloud.13.7

FINMA Circular 2023/1

IV.C(66)IV.C(67)

OSFI B-13

B-13.3.3

EU GDPR

Art.30(1)(g)Art.33(3)(a)Art.33(3)(b)Art.7(1)

EU DORA

Art.10(1)

BIO2

5.288.15

RBI CSF

Annex1.17ITGRCA.15

FISC Security Guidelines

FISC.O11FISC.O2

LGPD + BCB 4893

BCB.Art.20LGPD.Art.42-45LGPD.Art.8

HKMA TM-E-1

TME1.5.2TME1.8.2

MLPS 2.0

8.1.3.58.1.4.3

EU CRA

CRA.I.2dCRA.I.2l

SWIFT CSCF

SWIFT.6.4

NCA ECC

2-12

UAE IA

T7

CBB TM

TM-12

Qatar NIA

OS

CBUAE

CR-3

CBE CSF

CD-1CTO-5

SA JS2

JS2-7.3

CBN CSF

Part3.5

BoG CISD

CISD-VII

BoM CTRM

3.134.2

IOSCO Cyber Resilience

DET-1

BCBS 239

Principle 3

CPMI-IOSCO PFMI

CG.DEPFMI.P17

FFIEC IS

II.C.15II.C.18III.B

NYDFS 500

500.6

HIPAA Security Rule

§164.308(a)(1)(ii)(D)§164.312(b)

ECB CROE

CROE.2.4

EBA ICT Guidelines

3.4.53.5(c)

SEBI CSCRF

DE.AU

BOT Cyber Resilience

Ch3.1

CMMC 2.0

AU

10 CFR 73.54

RG5.71-A-AU

IEEE 1686-2022

5.2

DOE C2M2 v2.1

SITUATION

API 1164

Sec 9

IAEA NSS 17-T

Sec 5.5

PCI PTS v6

L

PCI HSM

8

Common Criteria

CC Part 2 — FAU

ISAE 3402

Clause 4

Solvency II

Pillar3-Reporting

Lloyd's Minimum Standards

MS8.12

NAIC Insurance Data Security

4-audit4B

PRA SS1/23

P-IT.2P3.2P4.3P4.4

FCA SYSC 13

SYSC 13.7.5

HITRUST CSF v11

09.g

FDA 21 CFR Part 11

§11.10(e)§11.50

FDA Cybersecurity Guidance

SA-5

ISO 27799

12.4H.4

CCSS v9.0

1.05.22.04.1

MiCA

Art.68(1)

Basel SCO60

SCO60.55SCO60.62SCO60.66SCO60.73

BSSC Standards

GSP-12

SEC Custody (Digital Assets)

SEC-CD-04SEC-CD-15SEC-CD-18SEC-CD-20

ISO 17799 (legacy)

10.10.110.10.4

COBIT 4.1 (legacy)

None.