This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization reviews and updates the audited events [FedRAMP Assignment: (M)(H) annually or whenever there is a change in the threat environment].
AU-2 (3) Additional FedRAMP Requirements and Guidance: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO.
NIST 800-53 (r4) Supplemental Guidance:
Over time, the events that organizations believe should be audited may change. Reviewing and updating the set of audited events periodically is necessary to ensure that the current set is still necessary and sufficient.
NIST 800-53 (r5) Discussion:
Withdrawn: Incorporated into AU-2.
38North Guidance:
Meets Minimum Requirement:
Part a.
This control ensures the Cloud Service Provider (CSP) regularly reviews and updates the list of audit events that are relevant to the security of the system in question and defined in AU-2 of the SSP.
Best Practice:
Using a Cloud Service Offering (CSO) ticketing system to identify the audit events and perform the review/update is a good way to ensure audit events are regularly reviewed and the review is recorded.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Part a.
Tickets (or similar documentation) that document that a formal review of the system audit events has occurred based on the defined frequency for the system. The ticket should denote whether any updates to the audit events occurred.
If an update to the audit events was documented within a ticket, review the AU policy and SSP to ensure the list of audit events has been updated within both documents.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD