AU-6: Audit Record Review, Analysis, and Reporting
From NIST's SP800-53:
a. Review and analyze system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity] and the potential impact of the inappropriate or unusual activity; b. Report findings to [Assignment: organization-defined personnel or roles]; and c. Adjust the level of audit record review, analysis, and reporting within the system when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| DE.AE-3 | Event data are collected and correlated from multiple sources and sensors |
| RS.CO-2 | Incidents are reported consistent with established criteria |
| RS.AN-1 | Notifications from detection systems are investigated |
| DE.AE-2 | Detected events are analyzed to understand attack targets and methods |
| ID.SC-4 | Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations. |
| DE.DP-4 | Event detection information is communicated |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1593.003 | Code Repositories | Reconnaissance |