Status: Live
The organization will develop, disseminate, and review: 1) a formal traceability standard that addresses purpose, scope, and compliance; and 2) formal procedures to facilitate implementing the policy. [UCF ID 00640]
Supporting and supported controls
This control directly supports:
• Operationalizing key monitoring and logging concepts [UCF Control ID 00638]
This control has the following supporting controls:
• Ensure audit logs contain a timestamp which tracks user activity [UCF Control ID 00594]
• Log access to all audit trails [UCF Control ID 00646]
• Log the use of identification and authentication mechanisms [UCF Control ID 00648]
• Log user identification [UCF Control ID 01334]
• Identify and log event types [UCF Control ID 01335]
• Ensure the logs maintain proper date and time entries [UCF Control ID 01336]
• Log success or failure of each event and provide alerts on failure [UCF Control ID 01337]
• Log the origination of the event [UCF Control ID 01338]
• Uniquely identify affected asset’s log [UCF Control ID 01339]
• Synchronize system clocks [UCF Control ID 01340]
Authority documents complied with:
FFIEC IT Examination Handbook – Information Security, Pg 47, Pg 48, Exam Tier II Obj B.12, Exam Tier II Obj C.9; FFIEC IT Examination Handbook – Operations, July 2004, Pg 37; FFIEC IT Examination Handbook – Retail Payment Systems, March 2004, Exam Tier II Obj 7.7; North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards, CIP-007-1 R5.1.2; Army Regulation 380-19: Information Systems Security, February 27, 1998, § 2-3.a(1), § 2-3.a(1)(c); NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 8-602.b, § 8-607.b; IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information, § 5.6.2, Exhibit 4 AU-3; DISA Secure Remote Computing Security Technical Implementation Guide version 1.2, Version 1, Release 2, § 6.2.1; ISO/IEC 15408-2:2008 Common Criteria for Information Technology Security Evaluation Part 2, 2008, § 8.2, § C.3; Archer Control Table, ATCS-334; Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1, § 4.1
Banking and Finance Guidance
Operating system access should be monitored, and the user, terminal, date, and time of access should be recorded. Access to system utilities should be logged. [Pg 47, Pg 48, Exam Tier II Obj B.12, Exam Tier II Obj C.9, FFIEC IT Examination Handbook – Information Security]
An audit trail should be maintained of all issued and unissued negotiable instruments. [Pg 37, FFIEC IT Examination Handbook – Operations, July 2004]
[Exam Tier II Obj 7.7, FFIEC IT Examination Handbook – Retail Payment Systems, March 2004]
Energy Guidance
The Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days. [CIP-007-1 R5.1.2, North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards]
Payment Card Guidance
All activities should be traceable to an individual user and should be set as part of the default installation. [§ 4.1, Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1]
US Federal Security Guidance
All information systems should implement an audit trail to maintain a history of the system's use. The audit trail should have enough detail to reconstruct the events when a security incident occurs. [§ 2-3.a(1), § 2-3.a(1)(c), Army Regulation 380-19: Information Systems Security, February 27, 1998]
The audit trail must provide for individual accountability to ensure all actions taken by a user are associated with the user. [§ 8-602.b, § 8-607.b, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]
US Internal Revenue Guidance
The audit logs must be able to track activities that take place on the system. [§ 5.6.2, Exhibit 4 AU-3, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information]
Other Configuration Guidance
The audit log must record all authentication failures and violations. For each event the audit log must contain, at a minimum, the date and time of the event, the event's origin, all user identification information, and the type of event. [§ 6.2.1, DISA Secure Remote Computing Security Technical Implementation Guide version 1.2, Version 1, Release 2]
ISO Guidance
Each auditable event should be traceable to the individual ID of the user who caused the event. [§ 8.2, § C.3, ISO/IEC 15408-2:2008 Common Criteria for Information Technology Security Evaluation Part 2, 2008]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
