Asset Management $($AM$)$

Identify and document assets

AM$\mathrm{.}3\mathrm{.}036$ Define procedures for the handling of CUI data.

Manage asset inventory.

AM$\mathrm{.}4\mathrm{.}226$ Employ a capability to discover and identify systems with specific component

attributes $($e$.$g$.,$ firmware level, OS type$)$ within your inventory.

Yes

No

Alt

Please Answer in Yes, No$,$ Alt

Audit and Accountability $($AU$)$

Define audit requirements

AU$\mathrm{.}2\mathrm{.}041$ Ensure that the actions of individual system users can be uniquely traced to those

users so they can be held accountable for their actions.

AU$\mathrm{.}3\mathrm{.}046$ Alert in the event of an audit logging process failure.

Yes

No

Alt

AU$\mathrm{.}2\mathrm{.}042$ Create and retain system audit logs and records to the extent needed to enable the

monitoring, analysis, investigation, and reporting of unlawful or unauthorized

system activity.

AU$\mathrm{.}2\mathrm{.}043$ Provide a system capability that compares and synchronizes internal system clocks

Level $2$

with an authoritative source to generate time stamps for audit records.

AU$\mathrm{.}3\mathrm{.}048$ Collect audit information $($e$.$g$.,$ logs$)$ into one or more central repositories.

AU$\mathrm{.}5\mathrm{.}055$ Identify assets not reporting audit logs and assure appropriate organizationally

defined systems are logging$.$

Identify and protect audit information

AU$\mathrm{.}3\mathrm{.}049$ Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

AU$\mathrm{.}3\mathrm{.}050$ Limit management of audit logging functionality to a subset of privileged users.

Level $3$

Review and manage audit logs

AU$\mathrm{.}2\mathrm{.}044$ Review audit logs$.$

AU$\mathrm{.}3\mathrm{.}051$ Correlate audit record review, analysis, and reporting processes for investigation

and response to indications of unlawful, unauthorized, suspicious, or unusual

activity.

AU$\mathrm{.}3\mathrm{.}052$ Provide audit record reduction and report generation to support on$-$demand

analysis and reporting.

AU$\mathrm{.}4\mathrm{.}053$ Automate analysis of audit logs to identify and act on critical indicators $($TTPs$)$

AU$\mathrm{.}4\mathrm{.}053$ Automate analysis of audit logs to identify and act on critical indicators $($TTPs$)$

and$/$or organizationally defined suspicious activity.

AU$\mathrm{.}4\mathrm{.}054$ Review audit information for broad activity in addition to per$-$machine activity.

Please Answer on Yes, No$,$Alt