3.3.5. Correlate audit review, analysis, and reporting processes for investigation and response to indications of inappropriate, suspicious, or unusual activity.
To go back to the NIST 800-171 Controls page, click here.
Guides
- NIST SP 800-92 – Guide to Computer Security Log Management
- SANS Institute – Successful SIEM and Log Management Strategies for Audit and Compliance
- Randy Franklin Smith’s Ultimate Windows Security – February, 2017
- DFAR is Here, Are You Ready?
- DFARS Self-Reporting with Splunk
Sample Policy & Procedures
- Norfolk State University – Administrative Policy # 32-8-306 (2014) Audit Review, Analysis, and Reporting
- SANS Institute – Information Logging Standard
Videos
- BrightTALK – Log Management: Achieving Compliance Objectives
- BrightTALK – Universal Log Management – How Much Information is Too Much?
- DFARS Self-Reporting with Splunk Enterprise
Example Tools
- Splunk
- Netsurion (formerly EventTracker)
- Rapid7
- AT&T Cybersecurity (formerly AlienVault)
- Logwatch