This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system provides centralized management and configuration of the content to be captured in audit records generated by [FedRAMP Assignment: (H) all network, data storage, and computing devices].
NIST 800-53 (r4) Supplemental Guidance:
This control enhancement requires that the content to be captured in audit records be configured from a central location (necessitating automation). Organizations coordinate the selection of required audit content to support the centralized management and configuration capability provided by the information system. Related controls: AU-6, AU-7.
NIST 800-53 (r5) Discussion:
Withdrawn: Incorporated into PL-9.
38North Guidance:
Meets Minimum Requirement:
The Cloud Service Provider (CSP) uses a centralized management process to ensure that audit records are generated and captured by the Cloud Service Offering (CSO). Group Policy is typically used to provide this capability: Group Policy Object (GPO) settings are configured so that the CSO components capture the audit events defined in AU-2. Chef Playbook and Puppet are examples of centralized management tools that are often used to enforce the GPO settings for content to be captured in audit records for the CSO.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review the group policy that enforces the audit security policy for the CSO. Ensure the GPO setting is configured for all user groups, components, and resources.
Review automated mechanisms (Chef Playbook, Puppet, etc.) that enforce the audit security policy for the CSO. The automated tool should enforce the security policy for all CSO components, users, and resources.
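Added example (not part of the original guidance or of any CSP's tooling): one way to check the evidence above is to compare the effective audit policy reported by each component against the centrally defined baseline and list every gap. It assumes each Windows host's `auditpol /get /category:* /r` CSV output has been collected into one file; the baseline, host inventory and sample rows are constructed for illustration, and the GUID column holds a placeholder.

```python
import csv
import io

# Assumed central baseline (hypothetical; derive the real one from the CSO's AU-2 event list).
BASELINE = {
    "Logon": "Success and Failure",
    "User Account Management": "Success and Failure",
    "Audit Policy Change": "Success and Failure",
    "Process Creation": "Success",
}
# Assumed component inventory; every host here must report a compliant policy.
EXPECTED_HOSTS = ["WEB01", "DB01", "APP01"]
# Constructed sample of collected `auditpol /get /category:* /r` rows (GUIDs are placeholders).
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
WEB01,System,Logon,{GUID-PLACEHOLDER},Success and Failure,
WEB01,System,User Account Management,{GUID-PLACEHOLDER},Success and Failure,
WEB01,System,Audit Policy Change,{GUID-PLACEHOLDER},Success and Failure,
WEB01,System,Process Creation,{GUID-PLACEHOLDER},Success and Failure,
DB01,System,Logon,{GUID-PLACEHOLDER},Success and Failure,
DB01,System,User Account Management,{GUID-PLACEHOLDER},Success and Failure,
DB01,System,Audit Policy Change,{GUID-PLACEHOLDER},Success,
DB01,System,Process Creation,{GUID-PLACEHOLDER},No Auditing,
"""

def flags(setting):
    """Map an auditpol inclusion setting to the set of outcomes it records."""
    return {f for f in ("success", "failure") if f in setting.lower()}

def find_drift(report_csv, baseline=BASELINE, hosts=EXPECTED_HOSTS):
    """Return sorted (host, subcategory, required, actual) tuples that miss the baseline."""
    seen = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        seen.setdefault(row["Machine Name"], {})[row["Subcategory"].strip()] = row["Inclusion Setting"]
    drift = []
    for host in hosts:
        settings = seen.get(host, {})  # a host with no report fails every item
        for sub, required in baseline.items():
            actual = settings.get(sub, "MISSING")
            if not flags(required) <= flags(actual):  # stricter settings still pass
                drift.append((host, sub, required, actual))
    return sorted(drift)

if __name__ == "__main__":
    for finding in find_drift(SAMPLE):
        print("%s: %s requires '%s', found '%s'" % finding)
```

An empty result means every inventoried component reported a policy at least as strict as the baseline; a host that is in the inventory but absent from the collected output shows up as MISSING for each subcategory.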
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD