AU-6 Audit Review, Analysis, and Reporting
Description
Audit review, analysis, and reporting covers information security-related auditing performed by organizations including, for example, auditing that results from monitoring of
- account usage,
- remote access,
- wireless connectivity,
- mobile device connection,
- configuration settings,
- system component inventory,
- use of maintenance tools and non-local maintenance,
- physical access,
- temperature and humidity,
- equipment delivery and removal,
- communications at the information system boundaries,
- use of mobile code, and
- use of VoIP.
Findings can be reported to organizational entities that include, for example, the incident response team, the help desk, and the information security group/department.
If organizations are prohibited from reviewing and analyzing audit information or unable to conduct such activities (e.g., in certain national security applications or systems), the review/analysis may be carried out by other organizations granted such authority.
Applicability
This Control applies to all TAMU-CC University information resources storing or accessing restricted or confidential information.
The intended audience is information resource custodians who are responsible for the installation of new information resources and the operation of existing information resources, and individuals accountable for information resources security.
Implementation
- TAMU-CC Primary Custodian regularly reviews/analyzes information system audit records for indications of inappropriate or unusual activity, investigates suspicious activity or suspected violations, reports findings to the Chief Information Security and Privacy Officer (CISPO), and takes necessary actions, including:
  - The Primary Custodian of a Critical 1 critical server or system shall ensure that the logs from that server or system are reviewed daily.
  - The Primary Custodian of a Critical 2 critical server or system shall ensure that the logs from that server or system are reviewed daily.
  - The Primary Custodian of a Critical 3 critical server or system shall ensure that the logs from that server or system are reviewed weekly.
  - The Primary Custodian of a server or system that is neither Critical 1, Critical 2, nor Critical 3 critical shall ensure that the logs from that server or system are reviewed monthly. The Primary Custodian reports findings to the Chief Information Security and Privacy Officer (CISPO) and Primary Business Owner.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019