UCF ID: 00595 |
Control Type: Configuration |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Establish and maintain standards and procedures for collecting and interpreting logs. [UCF Control ID 00643]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.13, Exam Tier II Obj M.6; Protection of Assets Manual, ASIS International, Pg 12-IV-21; Federal Information System Controls Audit Manual (FISCAM), February 2009, AC-3.2(C); Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996, § 3.13.2; ISO/IEC 17799 Code of Practice for Information Security Management, 2005, § 10.10.1; ISO/IEC 27002 Code of practice for information security management, 2005, § 10.10.1
Banking and Finance Guidance
[Exam Tier II Obj B.13, Exam Tier II Obj M.6, FFIEC IT Examination Handbook – Information Security]
US Federal Security Guidance
[AC-3.2(C), Federal Information System Controls Audit Manual (FISCAM), February 2009]
NIST Guidance
[§ 3.13.2, Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996]
ISO Guidance
System Administrators should not have the ability to erase or deactivate logs of their own activities. [§ 10.10.1, ISO/IEC 17799 Code of Practice for Information Security Management, 2005]
System Administrators should not have the ability to erase or deactivate logs of their own activities. [§ 10.10.1, ISO/IEC 27002 Code of practice for information security management, 2005]
General Guidance
Audit trails should not be able to be disabled. [Pg 12-IV-21, Protection of Assets Manual, ASIS International]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.