AU-14 Session Audit

Audit and Accountability

Description

a. Provide and implement the capability for [Assignment: organization-defined users or roles] to [Selection (one or more): record; view; hear; log] the content of a user session under [Assignment: organization-defined circumstances]; and

b. Develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

Supplemental Guidance

Session auditing activities are developed, integrated, and used in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Session auditing includes the real-time monitoring of activities in user sessions and the capture, recording, and logging of activities in user sessions.

Changes from Rev 4

No significant changes from Rev 4.

Compliance Mappings

ISO 27001:2022

7.5

CIS Controls v8

CIS 8.8

RBI CSF

Annex1.16, Annex1.17

HKMA TM-E-1

TME1.8.2

EU CRA

CRA.I.2l

SWIFT CSCF

SWIFT.2.6

NCA ECC

2-12

CBB TM

TM-12

Qatar NIA

OS

CBE CSF

CD-1

BoM CTRM

4.2

IOSCO Cyber Resilience

DET-1

CPMI-IOSCO PFMI

CG.DE

FFIEC IS

III.B

HIPAA Security Rule

§164.308(a)(1)(ii)(D), §164.312(b)

ECB CROE

CROE.2.4

EBA ICT Guidelines

3.4.5

SEBI CSCRF

DE.AU

BOT Cyber Resilience

Ch3.1

CMMC 2.0

AU

TIBER-EU

TIBER.BT

Common Criteria

CC Part 2 — FAU

Lloyd's Minimum Standards

MS8.12

PRA SS1/23

P-IT.2

HITRUST CSF v11

09.g, 11.c

FDA 21 CFR Part 11

§11.10(e)

ISO 27799

12.4