NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-6(1)Automated Process Integration

Integrate audit record review, analysis, and reporting processes using {{ insert: param, au-06.01_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizational processes that benefit from integrated audit record review, analysis, and reporting include incident response, continuous monitoring, contingency planning, investigation and response to suspicious activities, and Inspector General audits.

Practitioner Notes

Integrate audit review with other security processes — incident response, vulnerability management, and continuous monitoring. Logs should feed into your broader security operations, not sit in isolation.

Example 1: Configure your SIEM to automatically create tickets in ServiceNow or Jira when high-severity alerts fire. The ticket includes the log evidence and assigns it to the appropriate analyst. This integrates audit review directly into your incident management workflow.

Example 2: Feed vulnerability scan results into your SIEM. When Nessus or Qualys identifies a critical vulnerability, the SIEM correlates it with logs from that system — are there exploit attempts targeting the known vulnerability? This integration turns raw log data into actionable intelligence.

More Audit and Accountability Controls

AU-1 Policy and Procedures AU-2 Event Logging AU-2(1) Compilation of Audit Records from Multiple Sources AU-2(2) Selection of Audit Events by Component