Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Audit And Accountability
  4. >SP800-53-AU-6(8)
SP800-53-AU-6(8)Active

Full Text Analysis of Privileged Commands

Statement

Perform a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system, or other system that is dedicated to that analysis.

Location

Control Family
Audit and Accountability

Control Details

Identifier
SP800-53-AU-6(8)
Family
AU
Parent Control
SP800-53-AU-6

Supplemental Guidance

Full text analysis of privileged commands requires a distinct environment for the analysis of audit record information related to privileged users without compromising such information on the system where the users have elevated privileges, including the capability to execute privileged commands. Full text analysis refers to analysis that considers the full text of privileged commands (i.e., commands and parameters) as opposed to analysis that considers only the name of the command. Full text analysis includes the use of pattern matching and heuristics.

Assessment Objective

a full text analysis of logged privileged commands in a physically distinct component or subsystem of the system or other system that is dedicated to that analysis is performed.

No cross-framework mappings available

← Back to Audit and Accountability
Audit and Accountability69 controls
SP800-53-AU-1Policy and ProceduresSP800-53-AU-2Event LoggingSP800-53-AU-2(1)Compilation of Audit Records from Multiple SourcesSP800-53-AU-2(2)Selection of Audit Events by ComponentSP800-53-AU-2(3)Reviews and UpdatesSP800-53-AU-2(4)Privileged FunctionsSP800-53-AU-3Content of Audit RecordsSP800-53-AU-3(1)Additional Audit InformationSP800-53-AU-3(2)Centralized Management of Planned Audit Record ContentSP800-53-AU-3(3)Limit Personally Identifiable Information ElementsSP800-53-AU-4Audit Log Storage CapacitySP800-53-AU-4(1)Transfer to Alternate StorageSP800-53-AU-5Response to Audit Logging Process FailuresSP800-53-AU-5(1)Storage Capacity WarningSP800-53-AU-5(2)Real-time AlertsSP800-53-AU-5(3)Configurable Traffic Volume ThresholdsSP800-53-AU-5(4)Shutdown on FailureSP800-53-AU-5(5)Alternate Audit Logging CapabilitySP800-53-AU-6Audit Record Review, Analysis, and ReportingSP800-53-AU-6(1)Automated Process IntegrationSP800-53-AU-6(2)Automated Security AlertsSP800-53-AU-6(3)Correlate Audit Record RepositoriesSP800-53-AU-6(4)Central Review and AnalysisSP800-53-AU-6(5)Integrated Analysis of Audit RecordsSP800-53-AU-6(6)Correlation with Physical MonitoringSP800-53-AU-6(7)Permitted ActionsSP800-53-AU-6(8)Full Text Analysis of Privileged CommandsSP800-53-AU-6(9)Correlation with Information from Nontechnical SourcesSP800-53-AU-6(10)Audit Level AdjustmentSP800-53-AU-7Audit Record Reduction and Report GenerationSP800-53-AU-7(1)Automatic ProcessingSP800-53-AU-7(2)Automatic Sort and SearchSP800-53-AU-8Time StampsSP800-53-AU-8(1)Synchronization with Authoritative Time SourceSP800-53-AU-8(2)Secondary Authoritative Time SourceSP800-53-AU-9Protection of Audit InformationSP800-53-AU-9(1)Hardware Write-once MediaSP800-53-AU-9(2)Store on Separate Physical Systems or ComponentsSP800-53-AU-9(3)Cryptographic ProtectionSP800-53-AU-9(4)Access by Subset of Privileged UsersSP800-53-AU-9(5)Dual AuthorizationSP800-53-AU-9(6)Read-only AccessSP800-53-AU-9(7)Store on Component with Different Operating SystemSP800-53-AU-10Non-repudiationSP800-53-AU-10(1)Association of IdentitiesSP800-53-AU-10(2)Validate Binding of Information Producer IdentitySP800-53-AU-10(3)Chain of CustodySP800-53-AU-10(4)Validate Binding of Information Reviewer IdentitySP800-53-AU-10(5)Digital SignaturesSP800-53-AU-11Audit Record RetentionSP800-53-AU-11(1)Long-term Retrieval CapabilitySP800-53-AU-12Audit Record GenerationSP800-53-AU-12(1)System-wide and Time-correlated Audit TrailSP800-53-AU-12(2)Standardized FormatsSP800-53-AU-12(3)Changes by Authorized IndividualsSP800-53-AU-12(4)Query Parameter Audits of Personally Identifiable InformationSP800-53-AU-13Monitoring for Information DisclosureSP800-53-AU-13(1)Use of Automated ToolsSP800-53-AU-13(2)Review of Monitored SitesSP800-53-AU-13(3)Unauthorized Replication of InformationSP800-53-AU-14Session AuditSP800-53-AU-14(1)System Start-upSP800-53-AU-14(2)Capture and Record ContentSP800-53-AU-14(3)Remote Viewing and ListeningSP800-53-AU-15Alternate Audit Logging CapabilitySP800-53-AU-16Cross-organizational Audit LoggingSP800-53-AU-16(1)Identity PreservationSP800-53-AU-16(2)Sharing of Audit InformationSP800-53-AU-16(3)Disassociability