Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events];
Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;
Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and
Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].