AU-1 Audit and Accountability

Audit and Accountability Policy and Procedures

Medium Priority Intermediate Level NIST CSF

The organization develops, documents, and disseminates audit and accountability policy and procedures that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Implementation Guidance

Develop comprehensive audit and accountability policies that define what events to log, how to protect audit logs, and how to review audit information.

Best Practices

Implement comprehensive logging, protect audit logs from tampering, conduct regular audit reviews, maintain audit trails

Testing Procedures

Test audit logging functionality, verify log protection mechanisms, review audit procedures

Related Guidelines

AU-2, AU-3, AU-4, AU-5, AU-6

Quick Facts

Guideline ID: AU-1
Category: Audit and Accountability
Subcategory: Policy and Procedures
Priority: Medium
Level: Intermediate
Views: 26
Last Updated: Dec 5, 2025

Actions

Get Expert Help Free Assessment

Additional Resources

NIST SP 800-53 Rev. 5, NIST SP 800-92 Guide to Computer Security Log Management, HIPAA Security Rule

Related Guidelines

AU-10(4) Medium

Enhanced AU-10 (4)

NIST AU-10(4) control implementation guidance for Enhanced AU-10 (4). This enhanced control addresses Audit and Accounta...

AU-2 Medium

Audit Events

NIST AU-2 control implementation guidance for Audit Events. This control addresses Audit and Accountability requirements...

AU-6(6) Medium

Enhanced AU-6 (6)

NIST AU-6(6) control implementation guidance for Enhanced AU-6 (6). This enhanced control addresses Audit and Accountabi...