Implement a traceability standard.

UCF ID: 00640
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

    Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. [UCF Control ID 00638]

This control has the following supporting controls:

Authority documents complied with:

    FFIEC IT Examination Handbook – Information Security, Pg 47, Pg 48, Exam Tier II Obj B.12, Exam Tier II Obj C.9
    FFIEC IT Examination Handbook – Operations, July 2004, Pg 37
    FFIEC IT Examination Handbook – Retail Payment Systems, March 2004, Exam Tier II Obj 7.7
    North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards, CIP-007-1 R5.1.2
    Army Regulation 380-19: Information Systems Security, February 27, 1998, § 2-3.a(1), § 2-3.a(1)(c)
    NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 8-602.b, § 8-607.b
    IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information, § 5.6.2, Exhibit 4 AU-3
    DISA Secure Remote Computing Security Technical Implementation Guide, Version 1, Release 2, § 6.2.1
    ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008, § 8.2, § C.3
    Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1, § 4.1
    Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress, § 302(a)(4)(B)(v)

Banking and Finance Guidance

Operating system access should be monitored, recording the user, terminal, date, and time of each access. Access to system utilities should be logged. [Pg 47, Pg 48, Exam Tier II Obj B.12, Exam Tier II Obj C.9, FFIEC IT Examination Handbook – Information Security]

An audit trail should be maintained of all issued and unissued negotiable instruments. [Pg 37, FFIEC IT Examination Handbook – Operations, July 2004]

[Exam Tier II Obj 7.7, FFIEC IT Examination Handbook – Retail Payment Systems, March 2004]

Energy Guidance

The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days. [CIP-007-1 R5.1.2, North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards]

Payment Card Guidance

All activities should be traceable to an individual user and should be set as part of the default installation. [§ 4.1, Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1]

US Federal Security Guidance

All information systems should implement an audit trail to maintain a history of the system's use. The audit trail should have enough detail to reconstruct the events when a security incident occurs. [§ 2-3.a(1), § 2-3.a(1)(c), Army Regulation 380-19: Information Systems Security, February 27, 1998]

The audit trail must provide individual accountability, so that every action taken by a user is associated with that user. [§ 8-602.b, § 8-607.b, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]

US Federal Privacy Guidance

Measures appropriate to the sensitivity of the data and the size, scope, and complexity of the business entity's activities must be developed to trace all access to records that contain sensitive personally identifiable information in order for the business entity to be able to determine who acquired or accessed sensitive personally identifiable information that pertains to a specific individual. [§ 302(a)(4)(B)(v), Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress]

US Internal Revenue Guidance

The audit logs must be able to track activities that take place on the system. [§ 5.6.2, Exhibit 4 AU-3, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information]

Other Configuration Guidance

The audit log must record all authentication failures and violations. For each event the audit log must contain, at a minimum, the date and time of the event, the event's origin, all user identification information, and the type of event. [§ 6.2.1, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1, Release 2]

ISO Guidance

Each auditable event should be traceable to the individual ID of the user who caused the event. [§ 8.2, § C.3, ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008]
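The guidance above converges on three checkable properties of an audit trail: each event carries a minimum set of fields (date and time, origin, user identification, event type, per the DISA guidance), each event is traceable to an individual user ID rather than a shared account (per the ISO, PCI and NISPOM guidance), and user access activity is retained for at least ninety days (per the NERC guidance). The following checker is an added example and not part of the UCF control or any cited authority document; the JSON-lines record layout, the key names `time`, `origin`, `user` and `event`, the list of shared account names, and the sample records are all constructed assumptions.

```python
"""Check audit-trail records against the minimum content, individual
accountability and retention expectations quoted on this page.

Constructed example: the JSON-lines layout, the key names and the sample
records are assumptions, not any authority document's format.
"""
import json
from datetime import datetime, timedelta, timezone

# Minimum fields per event (DISA STIG § 6.2.1 as quoted): date/time,
# origin, user identification, event type.  Key names are assumed.
REQUIRED_FIELDS = ("time", "origin", "user", "event")

# Shared or non-individual account names that do not satisfy traceability
# to an individual user.  Constructed list; adapt to the environment.
SHARED_ACCOUNTS = {"", "root", "admin", "system", "service"}

# Minimum retention of user access activity (NERC CIP-007-1 R5.1.2 as quoted).
MIN_RETENTION = timedelta(days=90)

# Constructed sample audit trail, oldest first.
SAMPLE_LOG = """\
{"time": "2009-01-01T08:00:00Z", "origin": "10.0.0.5", "user": "jsmith", "event": "login_success"}
{"time": "2009-01-15T09:12:00Z", "origin": "10.0.0.7", "user": "root", "event": "su"}
{"time": "2009-02-20T17:45:00Z", "origin": "10.0.0.9", "user": "mlee", "event": "login_failure"}
{"time": "2009-03-30T11:30:00Z", "origin": "10.0.0.5", "event": "utility_exec"}
{"time": "2009-04-02T11:31:00Z", "origin": "10.0.0.5", "user": "jsmith", "event": "utility_exec"}
"""


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_record(record):
    """Return the list of findings for one audit record (empty if it conforms)."""
    findings = []
    for field in REQUIRED_FIELDS:
        if field not in record or record[field] in ("", None):
            findings.append(f"missing {field}")
    # A present but shared account name still fails individual accountability.
    if record.get("user") in SHARED_ACCOUNTS:
        findings.append("not traceable to an individual user")
    return findings


def check_audit_trail(text):
    """Evaluate a JSON-lines audit trail.

    Returns a dict with per-record findings keyed by 1-based line number,
    the count of conforming records, the number of days the trail covers,
    and whether that span reaches the ninety-day retention minimum.
    """
    findings = {}
    timestamps = []
    conforming = 0
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings[lineno] = ["unparseable record"]
            continue
        problems = check_record(record)
        if "time" in record:
            try:
                timestamps.append(parse_time(record["time"]))
            except ValueError:
                problems.append("bad timestamp")
        if problems:
            findings[lineno] = problems
        else:
            conforming += 1
    span = (max(timestamps) - min(timestamps)) if len(timestamps) > 1 else timedelta(0)
    return {
        "findings": findings,
        "conforming": conforming,
        "span_days": span.days,
        "retention_ok": span >= MIN_RETENTION,
    }


if __name__ == "__main__":
    result = check_audit_trail(SAMPLE_LOG)
    for lineno, problems in sorted(result["findings"].items()):
        print(f"line {lineno}: {', '.join(problems)}")
    print(f"{result['conforming']} conforming records, "
          f"{result['span_days']} days covered, retention_ok={result['retention_ok']}")
```

Run against the constructed sample, the checker flags the `root` record as not traceable to an individual and the fourth record as missing its user field, while the span of the trail (91 days) satisfies the ninety-day minimum. Treating a shared account as a finding even when the field is populated is the point of the accountability checks: a log that names `root` records that something happened, not who did it.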


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.