Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Description

This lesson covers Domain 5, which are the basic requirements for auditing and accountability and discusses 3.3.1 and 3.3.2.

Video Transcription

00:03
All right, Domain five, audit and accountability. So this is the third requirement of nous Special Publication 800-1 71. Which, of course, what we've been covering auditing accountability. So the basic requirements, what we're trying to accomplish, we're gonna create,
00:22
protect and retain information system
00:25
audit records to the extent needed to enable monitoring, analysis, investigation and reporting of unlawful, unauthorized or inappropriate information system activity. So basically, we're gonna have an audit log, and we're gonna protect that audit log from modification
00:43
will determine how long it needs to be retained. And ultimately, we're gonna make sure that it audits enough information to assist us with monitoring
00:52
any sort of investigation efforts so that we can track any sort of inappropriate behavior or inappropriate system activity. And then the second element, we're gonna ensure the actions of individual information system Users
01:07
can be uniquely traced to those users so that they can be held accountable for their actions.
01:12
So when an activity happens, I want to be able to trace it right back to a specific individual. This goes back to what I had talked about earlier. How we can't share accounts if you've got three people using the same account sales user. Well, one of those individuals does something in modifies, Ah,
01:32
or uses special permissions or whatever. We can't track it back to the individual responsible, so we want that separation
01:38
for individual accounts.

Up Next

NIST 800-171 Controlled Unclassified Information Course

The Cybrary NIST 800-171 course covers the 14 domains of safeguarding controlled unclassified information in non-federal agencies. Basic and derived requirements are presented for each security domain as defined in the NIST 800-171 special publication.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor