Preserve the identity of individuals in audit trails.


CONTROL ID: 10594
CONTROL TYPE: Log Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a log management program., CC ID: 00673

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The licensed corporation should ensure that (i) it can provide detailed audit trail information in a legible form regarding any access to the Regulatory Records (including read, write and modify) stored by the licensed corporation at the EDSP, and (ii) the audit trail is a complete record of any acc… (7.(e), Circular to Licensed Corporations - Use of external electronic data storage)
  • It must be possible for non-personalised access rights to be unequivocally traced back to an active person at all times (wherever possible, automatically). Any departures from this in justifiable exceptional cases and the resultant risks shall be approved and documented. (II.5.25, Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions, 14.09.2018)
  • How are activities traced back to individual client personnel or individual CSP personnel? (Appendix D, Regularly Monitor and Test Networks Bullet 1, Information Supplement: PCI DSS Cloud Computing Guidelines, Version 2.0)
  • shall ensure that each subject of care can be uniquely identified within the system; (§ 14.1.1.1 Health-specific control ¶ 1(a), ISO 27799:2016 Health informatics — Information security management in health using ISO/IEC 27002, Second Edition)
  • If the institution is an ODFI and permits third-party sender payments, determine whether it requires the third-party sender to establish the identity of each originator using commercially reasonable methods to warrant that the originators will assume their responsibilities under NACHA rules and to w… (App A Tier 1 Objectives and Procedures Objective 8:5, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Identify the originating personnel. (App A Tier 2 Objectives and Procedures I.18 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • The organization requires that the identity of individuals be preserved in cross-organizational audit trails. (AU-16(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization requires that the identity of individuals be preserved in cross-organizational audit trails. (AU-16(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Preserve the identity of individuals in cross-organizational audit trails. (AU-16(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Preserve the identity of individuals in cross-organizational audit trails. (AU-16(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)