AU-14 SESSION AUDIT

Page last updated:

PCF Compliance

This requirement is an organizational responsibility and out of scope for the PCF platform. It should be noted that additional security agents can be added to the PCF platform VMs as BOSH Add-ons, if and as needed. In addition, this requirement is categorized as P0, and so not required for FISMA Moderate.


Control Description

The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Supplemental Guidance

Session audits include, for example, monitoring keystrokes, tracking websites visited, and recording information and/or file transfers. Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, or standards.