Restrict access to audit trails to a need to know basis.


CONTROL ID: 11641
CONTROL TYPE: Technical Security
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a log management program., CC ID: 00673

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Limit audit trails to a need to know basis. (§ 5.6, The Center for Internet Security AIX Benchmark, 1.0.1)
  • Limit audit trails to a need to know basis. (§ 5.4, § 5.5, The Center for Internet Security FreeBSD Benchmark, 1.0.5)
  • Limit audit trails to a need to know basis. (§ 7.5, The Center for Internet Security HP-UX Benchmark, 1.4.2)
  • Limit audit trails to a need to know basis. (§ 5.3, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.0.5)
  • Limit audit trails to a need to know basis. (§ 5.3, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.1.1)
  • Limit audit trails to a need to know basis. (§ 5.3, The Center for Internet Security Slackware Linux Benchmark, 1.1)
  • The system hardening procedure to limit audit trails to a need to know basis is called for. (§ 4.9, The Center for Internet Security Solaris 10 Benchmark, 2.1.2)
  • Limit audit trails to a need to know basis. (§ 5.9, The Center for Internet Security Solaris Benchmark, 1.5.0)
  • Limit audit trails to a need to know basis. (§ 5.3, The Center for Internet Security SuSE Linux Enterprise Server Benchmark, 2)
  • Verify that only individuals who have a job-related need can view audit trail files. (§ 10.5.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Interview System Administrators and examine system configurations and permissions to verify audit trails are secured so only individuals with a job-related need can view the audit trail files. (Testing Procedures § 10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • The organization must ensure audit trails can only be accessed by personnel with a need to know. (§ 10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Verify that only individuals who have a job-related need can view audit trail files. (§ 10.5.1 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • The viewing of audit trails must be limited to personnel with a job-related need. (PCI DSS Requirements § 10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Limit viewing of audit trails to those with a job-related need. (10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Limit viewing of audit trails to those with a job-related need. (10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Limit viewing of audit trails to those with a job-related need. (10.5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Is viewing of audit trails limited to those with a job-related need? (10.5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Is viewing of audit trails limited to those with a job-related need? (10.5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Is viewing of audit trails limited to those with a job-related need? (10.5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Is viewing of audit trails limited to those with a job-related need? (10.5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Is viewing of audit trails limited to those with a job-related need? (10.5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Only individuals who have a job-related need can view audit trail files. (10.5.1, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Is viewing of audit trails limited to those with a job-related need? (PCI DSS Question 10.5.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Is viewing of audit trails limited to those with a job-related need? (PCI DSS Question 10.5.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Only authorized users should be granted read access to the audit trail. (§ 8.4, § C.5, ISO 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008)
  • Audit records shall be secure and tamper-proof. Access to system audit tools and audit trails shall be safeguarded to prevent misuse or compromise. (§ 12.4.2 Health-specific control, ISO 27799:2016 Health informatics — Information security management in health using ISO/IEC 27002, Second Edition)
  • Components shall protect audit information, audit logs, and audit tools (if present) from unauthorized access, modification and deletion. (7.11.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • CSR 2.1.4: The organization must use privilege restrictions to deny non-administrators access to administrator tools, utilities, and scripts. CSR 2.1.6: The organization must restrict access to audit logs and audit trails. The organization must protect audit tools and audit information from unauthor… (CSR 2.1.4, CSR 2.1.6, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Only personnel authorized to perform security audit functions must be allowed access to the audit trails. (Exhibit 9 Event 17, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)