Purpose

For Information Technology activity and audit logs to be useful, they must record enough information to serve operational needs, preserve accountability, and allow malicious activity to be detected. This standard defines the events that must be logged and the content each log record must contain.

Standard

  1. All information systems will produce audit records for at least the following events:
    a. Starting and stopping of processes and services
    b. Installation and removal of software
    c. System alerts and error messages
    d. System administration activities
    e. Password changes
  2. Remote access methods must employ appropriate security technologies to secure the session, as well as prevent unauthorized usage.
    a. Installation and removal of software
    b. System alerts and error messages
    c. System administration activities
    d. Access to and modification of Restricted Data
  3. Log records will include at least the following elements:
    a. Identifier of the system that generated the event
    b. Timestamp of the event
    c. The action or type of event and any relevant data
    d. Success or failure of the action
    e. The user associated with the event
    f. Remote address, if the event occurs over a network connection
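The element list in item 3 can be enforced mechanically at ingestion time. The following is an added example, not part of this standard or of any specific logging product: it checks JSON-lines audit records for the required elements, treats the remote address as required only when the record marks the event as network-originated, and also insists that the timestamp carry a timezone offset so events from different systems can be correlated. The field names (`system_id`, `timestamp`, `event`, `outcome`, `user`, `network`, `remote_addr`), the JSON-lines layout and the sample records are assumptions of the example.

```python
"""Check structured audit records against the element list in item 3.

Added example. Field names, the JSON-lines format and the sample
records are assumptions of this example, not part of the standard.
"""
import json
from datetime import datetime
from typing import Dict, List

# Required elements from item 3(a)-(e), keyed by the field name this example assumes.
REQUIRED_FIELDS = {
    "system_id": "identifier of the system that generated the event",
    "timestamp": "timestamp of the event",
    "event": "action or type of event",
    "outcome": "success or failure of the action",
    "user": "user associated with the event",
}
# Item 3(f): the remote address is required only for network-originated events.
NETWORK_FLAG = "network"
REMOTE_FIELD = "remote_addr"
OUTCOMES = {"success", "failure"}


def _timestamp_ok(value) -> bool:
    """Accept ISO 8601 timestamps that carry an explicit timezone offset."""
    if not isinstance(value, str):
        return False
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return False
    return parsed.tzinfo is not None


def check_record(record: Dict) -> List[str]:
    """Return a list of problems; an empty list means the record is compliant."""
    problems = []
    for field, meaning in REQUIRED_FIELDS.items():
        if not record.get(field):
            problems.append(f"missing {field} ({meaning})")
    # Format checks only apply when the element is present at all.
    if record.get("timestamp") and not _timestamp_ok(record["timestamp"]):
        problems.append("timestamp is not ISO 8601 with a timezone offset")
    if record.get("outcome") and record["outcome"] not in OUTCOMES:
        problems.append("outcome must be 'success' or 'failure'")
    if record.get(NETWORK_FLAG) and not record.get(REMOTE_FIELD):
        problems.append(f"missing {REMOTE_FIELD} for a network-originated event")
    return problems


def check_log(lines: str) -> Dict[int, List[str]]:
    """Check a JSON-lines log; returns {line_number: problems} for non-compliant lines."""
    findings = {}
    for number, line in enumerate(lines.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings[number] = ["line is not valid JSON"]
            continue
        problems = check_record(record)
        if problems:
            findings[number] = problems
    return findings


# Constructed sample log (not real data): lines 1 and 3 are compliant,
# line 2 has a naive timestamp, a non-standard outcome and no remote address.
SAMPLE_LOG = """\
{"system_id": "host-01", "timestamp": "2024-01-15T10:32:00Z", "event": "service_stop", "outcome": "success", "user": "svc-admin", "network": false}
{"system_id": "host-01", "timestamp": "2024-01-15 10:33", "event": "password_change", "outcome": "ok", "user": "alice", "network": true}
{"system_id": "host-02", "timestamp": "2024-01-15T10:34:05+00:00", "event": "software_install", "outcome": "failure", "user": "bob", "network": true, "remote_addr": "192.0.2.10"}
"""

if __name__ == "__main__":
    for number, problems in check_log(SAMPLE_LOG).items():
        print(f"line {number}: " + "; ".join(problems))
```

Running the checker over the sample reports only line 2, with three findings. In practice such a check belongs at the log collector or SIEM ingestion point, where a record that fails it can be flagged rather than silently accepted with gaps that make later investigation harder.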
