NIST SP 800-53 AU controls for quantum workloads
Quantum workloads in a FISMA or FedRAMP boundary inherit the same Audit and Accountability requirements as classical systems. The AU family is where most quantum deployments fail first.
Control mapping
- AU-2 — Event types defined per workload class; configurable selection
- AU-3 — Content: submitter, timestamp, environment, backend, calibration, outcome
- AU-8 — NTP-synchronized, monotonic chain ordering
- AU-9 — Append-only ledger; cryptographic chain; no overwrites
- AU-10 — ML-DSA signatures; named individual; offline verification
- AU-11 — Configurable retention: 1 / 3 / 7+ years
- AU-12 — Automatic capture at seal, route, execute, attest
Full open summary: control-mapping-summary.md · Schema: audit-record-schema.json