CMSgov / ars-machine-readable

Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.
22 stars 4 forks source link

OMB M-21-31 considerations for AU control family #36

Open GaryGapinski opened 2 years ago

GaryGapinski commented 2 years ago

OMB M-21-31 levies requirements related to audit logging. The AU family of controls (and related ARS ODPs) should be reviewed to determine if the NIST control statements are adequate to describe the maturity levels stated in M-21-31 and if the NIST statements must be augmented/supplemented (which is accomplished by statement alteration in the control catalog directly or via a profile). There are no 800-53 proposed changes related to M-21-31 at this time.