NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

AU-14 SESSION AUDIT

Family:
Audit and Accountability
Class:
Priority:
P0 - Unspecified priority.
Baseline Allocation:
Low Moderate High

Control Description

The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Supplemental Guidance

Session audits include, for example, monitoring keystrokes, tracking websites visited, and recording information and/or file transfers. Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, or standards.

Related to: AC-3AU-4AU-5AU-9AU-11

Control Enhancements

AU-14 (1) SESSION AUDIT | SYSTEM START-UP
The information system initiates session audits at system start-up.
AU-14 (2) SESSION AUDIT | CAPTURE/RECORD AND LOG CONTENT
The information system provides the capability for authorized users to capture/record and log content related to a user session.
AU-14 (3) SESSION AUDIT | REMOTE VIEWING / LISTENING
The information system provides the capability for authorized users to remotely view/hear all content related to an established user session in real time.

References

None.