03.03.02 - Audit Record Content

The au_l_02 control requires audit records to include key details such as user identity, timestamp, event type, outcome (success or failure), and the affected system components, providing sufficient information for monitoring and investigation. This ensures that any access, use, or modification of controlled unclassified information can be accurately traced and attributed.