AU-12 ยท Audit Record Generation

Control Description

Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on {{ insert: param, au-12_odp.01 }}; Allow {{ insert: param, au-12_odp.02 }} to select the event types that are to be logged by specific components of the system; and Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).

Impact Baselines
Security baselines where this control applies
Not in any baseline
Control Properties
SP800-53
system
Control Statement
The control requirements

a. Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on {{ insert: param, au-12_odp.01 }};

b. Allow {{ insert: param, au-12_odp.02 }} to select the event types that are to be logged by specific components of the system; and

c. Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).

Supplemental Guidance

Audit records can be generated from many different system components. The event types specified in [AU-2d](#au-2_smt.d) are the event types for which audit logs are to be generated and are a subset of all event types for which the system can generate audit records.

Related NIST Controls
Other NIST 800-53 controls related to this one
AC-06
AC-17
AU-02
AU-03
AU-04
AU-05
AU-06
AU-07
AU-14
CM-05
MA-04
MP-04
PM-12
SA-08
SC-18
SI-03
SI-04
SI-07
SI-10