AU-6: Audit Record Review, Analysis, and Reporting

NIST Baseline: Low

Information resource custodians are responsible for:
- Routinely reviewing information system audit logs for indications of security incidents and other unusual or suspicious activity at a frequency appropriate for the level of risk;
- Reporting security incidents, and other unusual or suspicious activity to the information resource owner and/or the Chief Information Security Officer (CISO) following the processes defined in Control IR-1, Incident Response Policy and Procedure, and Control IR-6, Incident Reporting; and
- Updating the level of log review and reporting when there is a change in risk for an information system. The level of audit review, analysis, and reporting should also be adjusted accordingly due to changes in risk based on law enforcement, intelligence information, or other credible sources of information.

None. See any applicable internal procedures.