CoreOS 4.x - Audit and Accountability

Control responses for NIST 800-53 rev4.

NOTE: All CoreOS content is under active development through the ComplianceAsCode Project. Do not consider this content production ready!


Requirements Traceability Matrix

Control    Name                                                    Status
AU-1       Audit And Accountability Policy And Procedures          not applicable
AU-2       Audit Events                                            planned
AU-2 (1)   Compilation Of Audit Records From Multiple Sources      not applicable
AU-2 (2)   Selection Of Audit Events By Component                  not applicable
AU-2 (3)   Reviews And Updates                                     not applicable
AU-2 (4)   Privileged Functions                                    not applicable
AU-3       Content Of Audit Records                                planned
AU-3 (1)   Additional Audit Information                            partial
AU-3 (2)   Centralized Management Of Planned Audit Record Content  planned
AU-4       Audit Storage Capacity                                  planned
AU-4 (1)   Transfer To Alternate Storage                           planned
AU-5       Response To Audit Processing Failures                   planned
AU-5 (1)   Audit Storage Capacity                                  planned
AU-5 (2)   Real-Time Alerts                                        planned
AU-5 (3)   Configurable Traffic Volume Thresholds                  planned
AU-5 (4)   Shutdown On Failure                                     planned
AU-6       Audit Review, Analysis, And Reporting                   not applicable
AU-6 (1)   Process Integration                                     planned
AU-6 (2)   Automated Security Alerts                               not applicable
AU-6 (3)   Correlate Audit Repositories                            not applicable
AU-6 (4)   Central Review And Analysis                             not applicable
AU-6 (5)   Integration / Scanning And Monitoring Capabilities      not applicable
AU-6 (6)   Correlation With Physical Monitoring                    not applicable
AU-6 (7)   Permitted Actions                                       not applicable
AU-6 (8)   Full Text Analysis Of Privileged Commands               not applicable
AU-6 (9)   Correlation With Information From Nontechnical Sources  not applicable
AU-6 (10)  Audit Level Adjustment                                  not applicable
AU-7       Audit Reduction And Report Generation                   planned
AU-7 (1)   Automatic Processing                                    planned
AU-7 (2)   Automatic Sort And Search                               planned
AU-8       Time Stamps                                             planned
AU-8 (1)   Synchronization With Authoritative Time Source          planned
AU-8 (2)   Secondary Authoritative Time Source                     planned
AU-9       Protection Of Audit Information                         planned
AU-9 (1)   Hardware Write-Once Media                               not applicable
AU-9 (2)   Audit Backup On Separate Physical Systems / Components  not applicable
AU-9 (3)   Cryptographic Protection                                planned
AU-9 (4)   Access By Subset Of Privileged Users                    planned
AU-9 (5)   Dual Authorization                                      not applicable
AU-9 (6)   Read Only Access                                        planned
AU-10      Non-Repudiation                                         planned
AU-10 (1)  Association Of Identities                               planned
AU-10 (2)  Validate Binding Of Information Producer Identity       planned
AU-10 (3)  Chain Of Custody                                        planned
AU-10 (4)  Validate Binding Of Information Reviewer Identity       planned
AU-10 (5)  Digital Signatures                                      not applicable
AU-11      Audit Record Retention                                  planned
AU-11 (1)  Long-Term Retrieval Capability                          planned
AU-12      Audit Generation                                        planned
AU-12 (1)  System-Wide / Time-Correlated Audit Trail               planned
AU-12 (2)  Standardized Formats                                    planned
AU-12 (3)  Changes By Authorized Individuals                       planned
AU-13      Monitoring For Information Disclosure                   not applicable
AU-13 (1)  Use Of Automated Tools                                  not applicable
AU-13 (2)  Review Of Monitored Sites                               not applicable
AU-14      Session Audit                                           planned
AU-14 (1)  System Start-Up                                         planned
AU-14 (2)  Capture/Record And Log Content                          planned
AU-14 (3)  Remote Viewing / Listening                              planned
AU-15      Alternate Audit Capability                              planned
AU-16      Cross-Organizational Auditing                           not applicable
AU-16 (1)  Identity Preservation                                   planned
AU-16 (2)  Sharing Of Audit Information                            not applicable




AU-1: Audit And Accountability Policy And Procedures

The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. An audit and accountability policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the audit and accountability policy and associated audit and accountability controls; and
b. Reviews and updates the current:
   1. Audit and accountability policy [Assignment: organization-defined frequency]; and
   2. Audit and accountability procedures [Assignment: organization-defined frequency].

AU-1 Control Response Information
Implementation Status:

not applicable

AU-1: What is the solution and how is it implemented?
AU-1(a):

Developing an organization-level audit and accountability policy is outside the scope of CoreOS configuration.

AU-1(b):

Reviewing and updating an organization-level audit and accountability policy is outside the scope of CoreOS configuration.




AU-2: Audit Events

The organization:
a. Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events];
b. Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;
c. Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and
d. Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

AU-2 Control Response Information
Implementation Status: