Provide literacy training on the advanced persistent threat.
family AT
framework nist-800-53
Provide literacy training on the cyber threat environment; and Reflect current cyber threat information in system operations.
family AT
framework nist-800-53
Provide role-based security and privacy training to personnel with the following roles and responsibilities: {{ insert: param, at-3_prm_1 }}: Before authorizing access to the system, information, or performing assigned duties, and {{ insert: param, at-03_odp.03 }} thereafter; and When required by system changes; Update role-based training content {{ insert: param, at-03_odp.04 }} and following {{ insert: param, at-03_odp.05 }} ; and Incorporate lessons learned from internal or external security incidents or breaches into role-based training.
family AT
framework nist-800-53
Provide {{ insert: param, at-03.01_odp.01 }} with initial and {{ insert: param, at-03.01_odp.02 }} training in the employment and operation of environmental controls.
family AT
framework nist-800-53
Provide {{ insert: param, at-03.02_odp.01 }} with initial and {{ insert: param, at-03.02_odp.02 }} training in the employment and operation of physical security controls.
family AT
framework nist-800-53
Provide practical exercises in security and privacy training that reinforce training objectives.
family AT
framework nist-800-53
family AT
framework nist-800-53
Provide {{ insert: param, at-03.05_odp.01 }} with initial and {{ insert: param, at-03.05_odp.02 }} training in the employment and operation of personally identifiable information processing and transparency controls.
family AT
framework nist-800-53
Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and Retain individual training records for {{ insert: param, at-04_odp }}.
family AT
framework nist-800-53
family AT
framework nist-800-53
Provide feedback on organizational training results to the following personnel {{ insert: param, at-06_odp.01 }}: {{ insert: param, at-06_odp.02 }}.
family AT
framework nist-800-53
Develop, document, and disseminate to {{ insert: param, au-1_prm_1 }}: {{ insert: param, au-01_odp.03 }} audit and accountability policy that: Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and Procedures to facilitate the implementation of the audit and accountability policy and the associated audit and accountability controls; Designate an {{ insert: param, au-01_odp.04 }} to manage the development, documentation, and dissemination of the audit and accountability policy and procedures; and Review and update the current audit and accountability: Policy {{ insert: param, au-01_odp.05 }} and following {{ insert: param, au-01_odp.06 }} ; and Procedures {{ insert: param, au-01_odp.07 }} and following {{ insert: param, au-01_odp.08 }}.
family AU
framework nist-800-53
Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed {{ insert: param, au-10_odp }}.
family AU
framework nist-800-53
Bind the identity of the information producer with the information to {{ insert: param, au-10.01_odp }} ; and Provide the means for authorized individuals to determine the identity of the producer of the information.
family AU
framework nist-800-53
Validate the binding of the information producer identity to the information at {{ insert: param, au-10.02_odp.01 }} ; and Perform {{ insert: param, au-10.02_odp.02 }} in the event of a validation error.
family AU
framework nist-800-53
Maintain reviewer or releaser credentials within the established chain of custody for information reviewed or released.
family AU
framework nist-800-53
Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between {{ insert: param, au-10.04_odp.01 }} ; and Perform {{ insert: param, au-10.04_odp.02 }} in the event of a validation error.
family AU
framework nist-800-53
family AU
framework nist-800-53
Retain audit records for {{ insert: param, au-11_odp }} to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.
family AU
framework nist-800-53
Employ {{ insert: param, au-11.01_odp }} to ensure that long-term audit records generated by the system can be retrieved.
family AU
framework nist-800-53
Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on {{ insert: param, au-12_odp.01 }}; Allow {{ insert: param, au-12_odp.02 }} to select the event types that are to be logged by specific components of the system; and Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).
family AU
framework nist-800-53
Compile audit records from {{ insert: param, au-12.01_odp.01 }} into a system-wide (logical or physical) audit trail that is time-correlated to within {{ insert: param, au-12.01_odp.02 }}.
family AU
framework nist-800-53
Produce a system-wide (logical or physical) audit trail composed of audit records in a standardized format.
family AU
framework nist-800-53
Provide and implement the capability for {{ insert: param, au-12.03_odp.01 }} to change the logging to be performed on {{ insert: param, au-12.03_odp.02 }} based on {{ insert: param, au-12.03_odp.03 }} within {{ insert: param, au-12.03_odp.04 }}.
family AU
framework nist-800-53
Provide and implement the capability for auditing the parameters of user query events for data sets containing personally identifiable information.
family AU
framework nist-800-53
Monitor {{ insert: param, au-13_odp.01 }} {{ insert: param, au-13_odp.02 }} for evidence of unauthorized disclosure of organizational information; and If an information disclosure is discovered: Notify {{ insert: param, au-13_odp.03 }} ; and Take the following additional actions: {{ insert: param, au-13_odp.04 }}.
family AU
framework nist-800-53
Monitor open-source information and information sites using {{ insert: param, au-13.01_odp }}.
family AU
framework nist-800-53
Review the list of open-source information sites being monitored {{ insert: param, au-13.02_odp }}.
family AU
framework nist-800-53
Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.
family AU
framework nist-800-53
Provide and implement the capability for {{ insert: param, au-14_odp.01 }} to {{ insert: param, au-14_odp.02 }} the content of a user session under {{ insert: param, au-14_odp.03 }} ; and Develop, integrate, and use session auditing activities in consultation with legal counsel and in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
family AU
framework nist-800-53
Initiate session audits automatically at system start-up.
family AU
framework nist-800-53
family AU
framework nist-800-53
Provide and implement the capability for authorized users to remotely view and hear content related to an established user session in real time.
family AU
framework nist-800-53
family AU
framework nist-800-53
Employ {{ insert: param, au-16_odp.01 }} for coordinating {{ insert: param, au-16_odp.02 }} among external organizations when audit information is transmitted across organizational boundaries.
family AU
framework nist-800-53
Preserve the identity of individuals in cross-organizational audit trails.
family AU
framework nist-800-53
Provide cross-organizational audit information to {{ insert: param, au-16.02_odp.01 }} based on {{ insert: param, au-16.02_odp.02 }}.
family AU
framework nist-800-53
Implement {{ insert: param, au-16.03_odp }} to disassociate individuals from audit information transmitted across organizational boundaries.
family AU
framework nist-800-53
Identify the types of events that the system is capable of logging in support of the audit function: {{ insert: param, au-02_odp.01 }}; Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged; Specify the following event types for logging within the system: {{ insert: param, au-2_prm_2 }}; Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and Review and update the event types selected for logging {{ insert: param, au-02_odp.04 }}.
family AU
framework nist-800-53
family AU
framework nist-800-53
family AU
framework nist-800-53
family AU
framework nist-800-53
family AU
framework nist-800-53
Ensure that audit records contain information that establishes the following: What type of event occurred; When the event occurred; Where the event occurred; Source of the event; Outcome of the event; and Identity of any individuals, subjects, or objects/entities associated with the event.
family AU
framework nist-800-53
Generate audit records containing the following additional information: {{ insert: param, au-03.01_odp }}.
family AU
framework nist-800-53
family AU
framework nist-800-53
Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: {{ insert: param, au-03.03_odp }}.
family AU
framework nist-800-53
Allocate audit log storage capacity to accommodate {{ insert: param, au-04_odp }}.
family AU
framework nist-800-53
Transfer audit logs {{ insert: param, au-04.01_odp }} to a different system, system component, or media other than the system or system component conducting the logging.
family AU
framework nist-800-53
Alert {{ insert: param, au-05_odp.01 }} within {{ insert: param, au-05_odp.02 }} in the event of an audit logging process failure; and Take the following additional actions: {{ insert: param, au-05_odp.03 }}.
family AU
framework nist-800-53
Provide a warning to {{ insert: param, au-05.01_odp.01 }} within {{ insert: param, au-05.01_odp.02 }} when allocated audit log storage volume reaches {{ insert: param, au-05.01_odp.03 }} of repository maximum audit log storage capacity.
family AU
framework nist-800-53
Provide an alert within {{ insert: param, au-05.02_odp.01 }} to {{ insert: param, au-05.02_odp.02 }} when the following audit failure events occur: {{ insert: param, au-05.02_odp.03 }}.
family AU
framework nist-800-53
Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity and {{ insert: param, au-05.03_odp }} network traffic above those thresholds.
family AU
framework nist-800-53
Invoke a {{ insert: param, au-05.04_odp.01 }} in the event of {{ insert: param, au-05.04_odp.02 }} , unless an alternate audit logging capability exists.
family AU
framework nist-800-53
Provide an alternate audit logging capability in the event of a failure in primary audit logging capability that implements {{ insert: param, au-05.05_odp }}.
family AU
framework nist-800-53
Review and analyze system audit records {{ insert: param, au-06_odp.01 }} for indications of {{ insert: param, au-06_odp.02 }} and the potential impact of the inappropriate or unusual activity; Report findings to {{ insert: param, au-06_odp.03 }} ; and Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.
family AU
framework nist-800-53
Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}.
family AU
framework nist-800-53
family AU
framework nist-800-53
family AU
framework nist-800-53
Analyze and correlate audit records across different repositories to gain organization-wide situational awareness.
family AU
framework nist-800-53
Provide and implement the capability to centrally review and analyze audit records from multiple components within the system.
family AU
framework nist-800-53
Integrate analysis of audit records with analysis of {{ insert: param, au-06.05_odp.01 }} to further enhance the ability to identify inappropriate or unusual activity.
family AU
framework nist-800-53
Correlate information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity.
family AU
framework nist-800-53
Specify the permitted actions for each {{ insert: param, au-06.07_odp }} associated with the review, analysis, and reporting of audit record information.
family AU
framework nist-800-53
Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system, or other system that is dedicated to that analysis.
family AU
framework nist-800-53
Correlate information from nontechnical sources with audit record information to enhance organization-wide situational awareness.
family AU
framework nist-800-53
Provide and implement an audit record reduction and report generation capability that: Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and Does not alter the original content or time ordering of audit records.
family AU
framework nist-800-53
Provide and implement the capability to process, sort, and search audit records for events of interest based on the following content: {{ insert: param, au-07.01_odp }}.
family AU
framework nist-800-53
family AU
framework nist-800-53
Use internal system clocks to generate time stamps for audit records; and Record time stamps for audit records that meet {{ insert: param, au-08_odp }} and that use Coordinated Universal Time, have a fixed local time offset from Coordinated Universal Time, or that include the local time offset as part of the time stamp.
family AU
framework nist-800-53
family AU
framework nist-800-53
family AU
framework nist-800-53
Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and Alert {{ insert: param, au-09_odp }} upon detection of unauthorized access, modification, or deletion of audit information.
family AU
framework nist-800-53
Write audit trails to hardware-enforced, write-once media.
family AU
framework nist-800-53
Store audit records {{ insert: param, au-09.02_odp }} in a repository that is part of a physically different system or system component than the system or component being audited.
family AU
framework nist-800-53
Implement cryptographic mechanisms to protect the integrity of audit information and audit tools.
family AU
framework nist-800-53
Authorize access to management of audit logging functionality to only {{ insert: param, au-09.04_odp }}.
family AU
framework nist-800-53
Enforce dual authorization for {{ insert: param, au-09.05_odp.01 }} of {{ insert: param, au-09.05_odp.02 }}.
family AU
framework nist-800-53
Authorize read-only access to audit information to {{ insert: param, au-09.06_odp }}.
family AU
framework nist-800-53
Store audit information on a component running a different operating system than the system or component being audited.
family AU
framework nist-800-53