Authorize Audit Accounts
The Authorize Audit Accounts page allows administrators to review, document, and manage authorization for identities that have both privileged and audit access within the environment. These identities require explicit annual authorization to comply with NIST SP 800-171 / CMMC control AU.L2-3.3.9, which restricts access to audit logs to approved personnel only.
This page centralizes all required actions for maintaining compliant audit-account governance, including authorization, documentation, periodic reviews, and bulk operations.
Purpose of the Page
Audit accounts pose elevated risk due to their ability to view sensitive log data. To remain compliant, each account must:
- Be individually reviewed/authorized
- Include contextual documentation explaining why access is required
- Be reauthorized annually
- Be monitored for upcoming expiry or missing notes This page provides the tools needed to perform and track all required compliance actions.
Key Features
1. Account Review
Use the filter controls to refine the list of identities by:
- Authorization state (Authorized / Not Authorized)
- CUI system
- Identity category
- Identity search
This helps you quickly locate identities requiring review or follow-up.
2. Authorization Management
Each identity includes an Actions column with buttons to:
- Authorize — Grant audit access for one year.
- Unauthorize — Revoke audit access immediately.
Authorization changes are logged along with the user who performed the action.
3. Notes and Documentation
Every audit account must include notes explaining why the identity requires audit access or providing other contextual details. Click the notes icon beside an identity to:
- Add new documentation
- Edit or review existing notes
Compliance requirement: Authorized identities without notes are flagged with a warning icon, as they do not meet documentation expectations.
4. Bulk Authorization
Use the Authorize Present button to authorize all accounts currently displayed in the table, based on your selected filters. This is useful when handling multiple audit accounts or when onboarding a group of audit identities.
5. Automated Review Alerts
If configured, the system can automatically send weekly notifications for accounts approaching their required yearly reauthorization date.
Enable the ASCERA Alert – Identities In Need of Review saved search to receive these emails.
Visual Indicators
To help administrators quickly understand account status, the page includes:
Orange Warning Icon
- Appears on authorized accounts missing documentation notes.
- Indicates that the authorization is incomplete for compliance purposes.
Red Clock Icon
- Appears when an authorized account is within 90 days of its annual authorization expiration.
- Indicates that reauthorization is required soon to maintain compliance.
Where Accounts Come From
Accounts are automatically sourced from your identity lookup. Any identity categorized as both privileged and audit will appear on this page and must be reviewed.
There is no need to manually add accounts; the page updates dynamically as the identity lookup changes.