Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family AU

AU-12Audit Record Generation

Provide audit record generation capability for the event types the system is capable of auditing as defined in [AU-2a](#au-2_smt.a) on {{ insert: param, au-12_odp.01 }}; Allow {{ insert: param, au-12_odp.02 }} to select the event types that are to be logged by specific components of the system; and Generate audit records for the event types defined in [AU-2c](#au-2_smt.c) that include the audit record content defined in [AU-3](#au-3).

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 15 mapping(s) from 3 framework(s): ASVS 5.0 8 (mostly) · CSF 2.0 6 (mostly) · OWASP-Web 1 (partial)

See the full cumulative-coverage rollup →

Implementations targeting this control (16)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (1)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-778Insufficient Logging25Directly requires generation of audit records for specified events, preventing the absence of logging that allows undetected malicious activity.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
CVE-2024-22405.57.20.0047good
CVE-2025-526443.55.80.0014good
CVE-2026-240587.09.80.0053good
CVE-2026-307907.09.80.0022partial
CVE-2026-303127.09.80.0166partial
CVE-2025-578707.010.00.0050good
CVE-2025-255957.09.80.0046partial
CVE-2026-275937.09.30.0046partial
CVE-2026-255607.09.80.0065partial
CVE-2026-244367.09.80.0042partial
CVE-2025-150307.09.80.0049partial
CVE-2025-552346.08.80.1883partial
CVE-2024-388786.07.20.1145partial
CVE-2026-403185.58.50.0029partial
CVE-2026-48285.58.20.0026good
CVE-2025-140375.58.10.0017partial
CVE-2025-675075.58.10.0031partial
CVE-2025-23368 UPD5.58.10.0082partial
CVE-2026-406005.58.10.0023partial
CVE-2026-6832 UPD5.58.10.0047partial
CVE-2025-300765.57.70.0037partial
CVE-2024-514765.57.50.0040partial
CVE-2024-533575.57.50.0049partial
CVE-2026-305755.57.50.0042partial
CVE-2026-336675.57.40.0030partial

Other controls in family AU

AU-1 AU-10 AU-11 AU-13 AU-14 AU-15 AU-16 AU-2 AU-3 AU-4 AU-5 AU-6 AU-7 AU-8 AU-9