NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-12(4) Query Parameter Audits of Personally Identifiable Information

Provide and implement the capability for auditing the parameters of user query events for data sets containing personally identifiable information.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Query parameters are explicit criteria that an individual or automated system submits to a system to retrieve data. Auditing of query parameters for datasets that contain personally identifiable information augments the capability of an organization to track and understand the access, usage, or sharing of personally identifiable information by authorized personnel.

Practitioner Notes

When systems process PII, audit the query parameters used to access that data. You need to know not just that someone queried the database, but what they searched for.

Example 1: Enable SQL Server Audit to log all SELECT queries on tables containing PII. Configure under Security → Audits and create a database audit specification for SELECT on sensitive tables. The audit captures the full query text including WHERE clause parameters.

Example 2: In your HR or CRM application, enable access logging that captures search parameters. If a user searches for "SSN = 123-45-6789", the log should record that search. Review these logs quarterly to identify unusual search patterns that might indicate data harvesting.
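The following is an added example, not part of the NIST control text or of any product mentioned above. It shows the application-side version of Example 2: a small wrapper around a PII data set that writes an audit record carrying the query parameters themselves (not just "a query happened"), and a review routine of the kind a quarterly log review would run to flag one user sweeping through many distinct identifiers in a short window. The data set, user names, thresholds and audit records are all constructed for illustration.

```python
"""Added example (not from the NIST control text): audit the parameters of
queries against a PII data set, then review the audit trail for unusual
search patterns. Data set, users and thresholds are constructed."""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample data set: each row is one person record containing PII.
EMPLOYEES = [
    {"id": 1, "name": "A. Example", "ssn": "123-45-6789", "dept": "HR"},
    {"id": 2, "name": "B. Example", "ssn": "987-65-4321", "dept": "ENG"},
    {"id": 3, "name": "C. Example", "ssn": "555-12-3456", "dept": "ENG"},
]


@dataclass
class AuditRecord:
    """One AU-12(4) record: who queried which data set with which parameters."""
    ts: str
    user: str
    dataset: str
    params: dict
    row_count: int

    def to_json(self) -> str:
        # Note: the record carries the searched value, so the audit trail is
        # itself PII and must be protected accordingly.
        return json.dumps(self.__dict__, sort_keys=True)


@dataclass
class AuditedStore:
    """Wraps a PII data set so every query is audited together with its parameters."""
    dataset: str
    rows: list
    audit_log: list = field(default_factory=list)

    def query(self, user: str, now: datetime, **params) -> list:
        # Equality match on every supplied parameter (the "WHERE clause").
        hits = [r for r in self.rows if all(r.get(k) == v for k, v in params.items())]
        self.audit_log.append(AuditRecord(
            ts=now.isoformat(), user=user, dataset=self.dataset,
            params=dict(params), row_count=len(hits)))
        return hits


def review_audit_log(records: list, field_name: str,
                     threshold: int, window: timedelta) -> dict:
    """Flag users who searched `field_name` for at least `threshold` distinct
    values within `window`; returns {user: distinct_values_seen}.
    Many distinct identifiers from one user in a short time is the pattern
    a data-harvesting review looks for."""
    by_user = defaultdict(list)
    for rec in records:
        if field_name in rec.params:
            by_user[rec.user].append((datetime.fromisoformat(rec.ts), rec.params[field_name]))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        # Sliding window anchored on each event in time order.
        for i, (t0, _) in enumerate(events):
            distinct = {v for t, v in events[i:] if t - t0 <= window}
            if len(distinct) >= threshold:
                flagged[user] = len(distinct)
                break
    return flagged


def demo() -> dict:
    """Normal use (one lookup) next to a sweep of every SSN by one user."""
    store = AuditedStore("hr.employees", EMPLOYEES)
    t = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    store.query("payroll_clerk", t, ssn="123-45-6789")
    for i, row in enumerate(EMPLOYEES):
        store.query("contractor7", t + timedelta(minutes=i), ssn=row["ssn"])
    flagged = review_audit_log(store.audit_log, "ssn",
                               threshold=3, window=timedelta(minutes=10))
    return {"flagged": flagged, "records": [r.to_json() for r in store.audit_log]}


if __name__ == "__main__":
    out = demo()
    for line in out["records"]:
        print(line)
    print("flagged:", out["flagged"])  # {'contractor7': 3}
```

The review threshold and window are policy choices; tune them to the data set's normal access profile. Because each record stores the searched value, the audit trail duplicates PII and needs the same access restrictions as the data set it describes.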