Control Description Data Protection Classification
Level 1 Level 2 Level 3 Level 4
AA-1 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. recommended required essential essential
AA-3 Review and update logged events. required required essential essential
AA-4 Alert in the event of an audit logging process failure. required required essential essential
AA-5 Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. required required essential essential
AA-6 Provide audit record reduction and report generation to support on-demand analysis and reporting. recommended recommended required essential
AA-7 Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. required required essential essential
AA-8 Protect audit information and audit logging tools from unauthorized access, modification, and deletion. essential essential essential essential
AA-9 Limit management of audit logging functionality to a subset of privileged users. essential essential essential essential