OpenStack Platform 13 - Audit and Accountability

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| AU-1 | Audit And Accountability Policy And Procedures | not applicable |
| AU-2 | Audit Events | not applicable |
| AU-2 (1) | Compilation Of Audit Records From Multiple Sources | |
| AU-2 (2) | Selection Of Audit Events By Component | |
| AU-2 (3) | Reviews And Updates | not applicable |
| AU-2 (4) | Privileged Functions | |
| AU-3 | Content Of Audit Records | complete |
| AU-3 (1) | Additional Audit Information | not applicable |
| AU-3 (2) | Centralized Management Of Planned Audit Record Content | planned |
| AU-4 | Audit Storage Capacity | not applicable |
| AU-4 (1) | Transfer To Alternate Storage | |
| AU-5 | Response To Audit Processing Failures | planned |
| AU-5 (1) | Audit Storage Capacity | planned |
| AU-5 (2) | Real-Time Alerts | planned |
| AU-5 (3) | Configurable Traffic Volume Thresholds | |
| AU-5 (4) | Shutdown On Failure | |
| AU-6 | Audit Review, Analysis, And Reporting | not applicable |
| AU-6 (1) | Process Integration | not applicable |
| AU-6 (2) | Automated Security Alerts | |
| AU-6 (3) | Correlate Audit Repositories | |
| AU-6 (4) | Central Review And Analysis | planned |
| AU-6 (5) | Integration / Scanning And Monitoring Capabilities | planned |
| AU-6 (6) | Correlation With Physical Monitoring | planned |
| AU-6 (7) | Permitted Actions | planned |
| AU-6 (8) | Full Text Analysis Of Privileged Commands | |
| AU-6 (9) | Correlation With Information From Nontechnical Sources | |
| AU-6 (10) | Audit Level Adjustment | not applicable |
| AU-7 | Audit Reduction And Report Generation | planned |
| AU-7 (1) | Automatic Processing | planned |
| AU-7 (2) | Automatic Sort And Search | |
| AU-8 | Time Stamps | complete |
| AU-8 (1) | Synchronization With Authoritative Time Source | not applicable |
| AU-8 (2) | Secondary Authoritative Time Source | |
| AU-9 | Protection Of Audit Information | planned |
| AU-9 (1) | Hardware Write-Once Media | |
| AU-9 (2) | Audit Backup On Separate Physical Systems / Components | planned |
| AU-9 (3) | Cryptographic Protection | planned |
| AU-9 (4) | Access By Subset Of Privileged Users | planned |
| AU-9 (5) | Dual Authorization | |
| AU-9 (6) | Read Only Access | |
| AU-10 | Non-Repudiation | |
| AU-10 (1) | Association Of Identities | |
| AU-10 (2) | Validate Binding Of Information Producer Identity | |
| AU-10 (3) | Chain Of Custody | |
| AU-10 (4) | Validate Binding Of Information Reviewer Identity | |
| AU-10 (5) | Digital Signatures | |
| AU-11 | Audit Record Retention | planned |
| AU-11 (1) | Long-Term Retrieval Capability | |
| AU-12 | Audit Generation | planned |
| AU-12 (1) | System-Wide / Time-Correlated Audit Trail | planned |
| AU-12 (2) | Standardized Formats | |
| AU-12 (3) | Changes By Authorized Individuals | planned |
| AU-13 | Monitoring For Information Disclosure | |
| AU-13 (1) | Use Of Automated Tools | |
| AU-13 (2) | Review Of Monitored Sites | |
| AU-14 | Session Audit | |
| AU-14 (1) | System Start-Up | |
| AU-14 (2) | Capture/Record And Log Content | |
| AU-14 (3) | Remote Viewing / Listening | |
| AU-15 | Alternate Audit Capability | |