This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.
NIST 800-53 (r4) Supplemental Guidance:
The frequency, scope, and/or depth of the audit review, analysis, and reporting may be adjusted to meet organizational needs based on new information received.
NIST 800-53 (r5) Discussion:
Withdrawn: Incorporated into AU-6.
38North Guidance:
Meets Minimum Requirement:
The organization adjusts the level of audit review, analysis, and reporting within the information system when there is a change in risk based on law enforcement information, intelligence information, and/or other credible sources of information.
Best Practice:
Security Operations Center (SOC) personnel or the security team should be able to adjust what they monitor within the Security Information and Event Management (SIEM) tool based on alerts from law enforcement, and should subscribe to security bulletins from sources such as US-CERT.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots of SOC or security personnel subscribing to US-CERT and other security bulletin alerts/advisories.
Screenshots of SOC or security personnel modifying the SIEM tool to alert on the new threats.
Screenshots of SOC, security, or other responsible personnel adjusting the level of logging from system components in response to new threats reported by US-CERT, law enforcement, etc.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD