U.S. Department of Health and Human Services
Audit and Accountability - (1) Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; (2) Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
System and Communications Protection - (1) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems; and (2) Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems.
Page 5 of 5
Using Security Controls