HOME

AU-2 (3)

AU-2 (3) H M
Description

The organization reviews and updates the audited events [Assignment: organization-defined frequency].

FedRAMP
  • H AU-2 (3) [annually or whenever there is a change in the threat environment]
  • M AU-2 (3) [annually or whenever there is a change in the threat environment]
DISA Cloud Computing SRG

Annually and based on situational awareness of threats, vulnerabilities

Source:
DoD RMF TAG

Supplemental Guidance

Over time, the events that organizations believe should be audited may change. Reviewing and updating the set of audited events periodically is necessary to ensure that the current set is still necessary and sufficient.

Further Guidance

AU-2 (3) Guidance: Annually or whenever changes in the threat environment are communicated to the service provider by the JAB/AO.