Content of Audit Records

Manual Inspection items for NIST SP 800-53 AU-3 assessment.

Manual Inspection items are useful mainly for CA-2 Security Assessments and CA-4 Security Certification. For most environments they are too laborious to include in CA-7 Continuous Monitoring.

Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen,  LJK/Security™ starter templates provide Manual Inspection items in the following groups:

Manual Invasive Testing items for NIST SP 800-53 AU-3 assessment.

Manual Invasive Testing items are useful mainly for CA-2 Security Assessments and CA-4 Security Certification. For most environments they are too laborious to include in CA-7 Continuous Monitoring. The level of effort required and the degree of invasiveness are so high (in most cases making up for lack of Common Criteria evaluation) that arrangement as a Common Control is almost always a requirement for execution.

Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen,  LJK/Security™ starter templates provide Manual Invasive Testing items in the following groups:

Compensating Control items for NIST SP 800-53 AU-3 assessment.

Compensating Control items are useful mainly for CA-2 Security Assessments and CA-4 Security Certification, but those below are based on the nature of the operating system environment so including them in CA-7 Continuous Monitoring results involves little burden and provides little value.

Depending on FIPS 199 impact level and whether the Industrial Control Systems (ICS/SCADA) subset of 800-53 is chosen,  LJK/Security™ starter templates provide Compensating Control items in the following groups: