AU-3 Content of Audit Events
Description
Audit record content that may be necessary to satisfy the requirement of this Control, includes, for example:
- time stamps,
- source and destination addresses,
- user/process identifiers,
- event descriptions,
- success/fail indications,
- filenames involved, and
- access control or flow control rules invoked.
Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).
To learn more, see NIST Special Publication 800-92.
Applicability
This Control applies to all TAMU-CC information resources containing controlled or confidential information.
The intended audience is information resource custodians who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security.
Implementation
The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.
Audit record content includes, for most audit records:
- date and time of the event;
- the component of the information system (e.g., software component, hardware component) where the event occurred;
- type of event;
- user/subject identity; and
- the outcome (success or failure) of the event.
NIST Special Publication 800-92 provides guidance on computer security log management.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019