AU.L2-3.3.3: Audit Review, Analysis, and Reporting
Regularly review and analyze audit logs to identify security events, then report findings to management.
AU.L2-3.3.4: Audit Failure Alerting
Alert system administrators and security personnel immediately when audit logging or analysis failures occur.
AU.L2-3.3.5: Audit Correlation
Correlate audit data from multiple sources to identify patterns and complex attack sequences that individual logs cannot detect.
AU.L2-3.3.6: Audit Reduction and Report Generation
Create tools and processes to filter audit logs and generate reports that focus on security-relevant events rather than routine system activity.
AU.L2-3.3.7: Authoritative Time Source
Synchronize all system clocks to a reliable, authoritative time source so audit logs are trustworthy and events can be correlated accurately.
AU.L2-3.3.8: Audit Protection
Protect audit logs from unauthorized access, modification, and deletion to preserve their integrity as evidence.
AU.L2-3.3.9: Audit Management
Limit audit log management functions (configuration, deletion, archival) to authorized individuals to prevent tampering.