| Control ID |
Control Description | Data Protection Classification | ||||||
| Level 1 | Level 2 | Level 3 | Level 4 | |||||
| AA-1 | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. | recommended | required | essential | essential | |||
| AA-3 | Review and update logged events. | required | required | essential | essential | |||
| AA-4 | Alert in the event of an audit logging process failure. | required | required | essential | essential | |||
| AA-5 | Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. | required | required | essential | essential | |||
| AA-6 | Provide audit record reduction and report generation to support on-demand analysis and reporting. | recommended | recommended | required | essential | |||
| AA-7 | Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. | required | required | essential | essential | |||
| AA-8 | Protect audit information and audit logging tools from unauthorized access, modification, and deletion. | essential | essential | essential | essential | |||
| AA-9 | Limit management of audit logging functionality to a subset of privileged users. | essential | essential | essential | essential | |||