Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >Audit And Accountability
  4. >SP800-53-AU-7
SP800-53-AU-7Active

Audit Record Reduction and Report Generation

Statement

Provide and implement an audit record reduction and report generation capability that: Supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; and Does not alter the original content or time ordering of audit records.

Location

Control Family
Audit and Accountability

Control Details

Identifier
SP800-53-AU-7
Family
AU

Supplemental Guidance

Audit record reduction is a process that manipulates collected audit log information and organizes it into a summary format that is more meaningful to analysts. Audit record reduction and report generation capabilities do not always emanate from the same system or from the same organizational entities that conduct audit logging activities. The audit record reduction capability includes modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the system can generate customizable reports. Time ordering of audit records can be an issue if the granularity of the timestamp in the record is insufficient.

Assessment Objective

an audit record reduction and report generation capability is provided that supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; an audit record reduction and report generation capability is implemented that supports on-demand audit record review, analysis, and reporting requirements and after-the-fact investigations of incidents; an audit record reduction and report generation capability is provided that does not alter the original content or time ordering of audit records; an audit record reduction and report generation capability is implemented that does not alter the original content or time ordering of audit records.

No cross-framework mappings available

← Back to Audit and Accountability
Audit and Accountability69 controls
SP800-53-AU-1Policy and ProceduresSP800-53-AU-2Event LoggingSP800-53-AU-2(1)Compilation of Audit Records from Multiple SourcesSP800-53-AU-2(2)Selection of Audit Events by ComponentSP800-53-AU-2(3)Reviews and UpdatesSP800-53-AU-2(4)Privileged FunctionsSP800-53-AU-3Content of Audit RecordsSP800-53-AU-3(1)Additional Audit InformationSP800-53-AU-3(2)Centralized Management of Planned Audit Record ContentSP800-53-AU-3(3)Limit Personally Identifiable Information ElementsSP800-53-AU-4Audit Log Storage CapacitySP800-53-AU-4(1)Transfer to Alternate StorageSP800-53-AU-5Response to Audit Logging Process FailuresSP800-53-AU-5(1)Storage Capacity WarningSP800-53-AU-5(2)Real-time AlertsSP800-53-AU-5(3)Configurable Traffic Volume ThresholdsSP800-53-AU-5(4)Shutdown on FailureSP800-53-AU-5(5)Alternate Audit Logging CapabilitySP800-53-AU-6Audit Record Review, Analysis, and ReportingSP800-53-AU-6(1)Automated Process IntegrationSP800-53-AU-6(2)Automated Security AlertsSP800-53-AU-6(3)Correlate Audit Record RepositoriesSP800-53-AU-6(4)Central Review and AnalysisSP800-53-AU-6(5)Integrated Analysis of Audit RecordsSP800-53-AU-6(6)Correlation with Physical MonitoringSP800-53-AU-6(7)Permitted ActionsSP800-53-AU-6(8)Full Text Analysis of Privileged CommandsSP800-53-AU-6(9)Correlation with Information from Nontechnical SourcesSP800-53-AU-6(10)Audit Level AdjustmentSP800-53-AU-7Audit Record Reduction and Report GenerationSP800-53-AU-7(1)Automatic ProcessingSP800-53-AU-7(2)Automatic Sort and SearchSP800-53-AU-8Time StampsSP800-53-AU-8(1)Synchronization with Authoritative Time SourceSP800-53-AU-8(2)Secondary Authoritative Time SourceSP800-53-AU-9Protection of Audit InformationSP800-53-AU-9(1)Hardware Write-once MediaSP800-53-AU-9(2)Store on Separate Physical Systems or ComponentsSP800-53-AU-9(3)Cryptographic ProtectionSP800-53-AU-9(4)Access by Subset of Privileged UsersSP800-53-AU-9(5)Dual AuthorizationSP800-53-AU-9(6)Read-only AccessSP800-53-AU-9(7)Store on Component with Different Operating SystemSP800-53-AU-10Non-repudiationSP800-53-AU-10(1)Association of IdentitiesSP800-53-AU-10(2)Validate Binding of Information Producer IdentitySP800-53-AU-10(3)Chain of CustodySP800-53-AU-10(4)Validate Binding of Information Reviewer IdentitySP800-53-AU-10(5)Digital SignaturesSP800-53-AU-11Audit Record RetentionSP800-53-AU-11(1)Long-term Retrieval CapabilitySP800-53-AU-12Audit Record GenerationSP800-53-AU-12(1)System-wide and Time-correlated Audit TrailSP800-53-AU-12(2)Standardized FormatsSP800-53-AU-12(3)Changes by Authorized IndividualsSP800-53-AU-12(4)Query Parameter Audits of Personally Identifiable InformationSP800-53-AU-13Monitoring for Information DisclosureSP800-53-AU-13(1)Use of Automated ToolsSP800-53-AU-13(2)Review of Monitored SitesSP800-53-AU-13(3)Unauthorized Replication of InformationSP800-53-AU-14Session AuditSP800-53-AU-14(1)System Start-upSP800-53-AU-14(2)Capture and Record ContentSP800-53-AU-14(3)Remote Viewing and ListeningSP800-53-AU-15Alternate Audit Logging CapabilitySP800-53-AU-16Cross-organizational Audit LoggingSP800-53-AU-16(1)Identity PreservationSP800-53-AU-16(2)Sharing of Audit InformationSP800-53-AU-16(3)Disassociability