Policy 7230A - Department of Administration
7. Systems Audit
These Systems Audit Non-Mandatory Procedures support the Enterprise Security Policy
(ITEC 7230 Rev 1) and the Default Security Requirements.

Summary of procedure and baseline sets in this section:
                                         Mandatory                Non-Mandatory
                                         Procedures  Baselines    Procedures  Baselines
7. Systems Audit
7.1. Systems Audit
7.1.1. Configure Auditing Capabilities   (4 sets) (3 sets)
7.1.2. Test Auditing Capabilities        (3 sets) (2 sets)
7.1.3. Operate Auditing Capabilities     (5 sets) (3 sets)
7.2. Maintain Records

7.1. Systems Audit
The following are the Non-Mandatory Procedures that support the Systems Audit
section of the Default Security Requirements:

7.1.1. Configure Auditing Capabilities
Systems Audit is used to verify that systems are operated in the manner the
applicable standards define, so Agencies should configure all systems to
capture appropriate logging information:
7.1.1.1 Configure Systems to Create Log Entries
Systems must be configured to generate logs, and those logs must be
configured to capture the required information:
• Establish which systems require logging capabilities. Use Risk
and Business Impact Analyses to help identify the appropriate
systems.
• Enable system and component logging capabilities.
• Configure logging capabilities to capture, at a minimum, all
system access events and all system administrative events.
7.1.1.2 Provide Sufficient Primary and Secondary Storage
Ensure that logging facilities support those investigating generated logs
by providing sufficient log storage for historical review:
• Systems should be configured such that logging facilities are
provided with both on-line (active log) storage and off-line
(archive) storage.
• Systems should be configured to transfer log data from on-line
storage to off-line storage on a regular and pre-defined basis.
• Verification of log transfers and validity of transferred log data
should be performed before on-line log storage is cleared.
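The following script is an added example, not part of ITEC 7230A or any Agency's own tooling, showing one way to implement the 7.1.1.2 transfer-verify-clear sequence: the on-line log is copied to off-line storage, the archived copy is decompressed and its digest compared with the digest taken before transfer, the digest is recorded for later re-verification, and only then is the on-line log cleared. The file paths, the SHA256SUMS record, the function names and the sample log lines in the demo (shaped like the access and administrative events 7.1.1.1 requires) are all constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example (not part of ITEC 7230A): transfer an audit log from on-line
# storage to off-line (archive) storage, verify the transferred copy, and only
# then clear the on-line log, as 7.1.1.2 requires. Paths, file names and the
# sample log lines are constructed for illustration.

set -u

# SHA-256 of standard input. Uses sha256sum (GNU/busybox) or shasum (BSD/macOS).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# archive_log ONLINE_LOG ARCHIVE_DIR
# Copies ONLINE_LOG into ARCHIVE_DIR as a timestamped gzip file, verifies the
# archived copy by decompressing it and comparing digests, records the digest
# in ARCHIVE_DIR/SHA256SUMS (constructed record format: "<sha256>  <file>"),
# and only after a successful verification truncates the on-line log. On any
# failure the on-line log is left intact and a partial archive is removed.
# Prints the archive path on success.
archive_log() {
    online="$1"
    archdir="$2"
    archive="$archdir/$(basename "$online").$(date -u +%Y%m%dT%H%M%SZ).gz"

    mkdir -p "$archdir" || return 1

    # 1. Digest of the on-line data before transfer.
    before=$(digest < "$online") || return 1

    # 2. Transfer to off-line storage.
    gzip -c "$online" > "$archive" || { rm -f "$archive"; return 1; }

    # 3. Verify the transferred copy by reading it back, not by trusting the write.
    after=$(gzip -dc "$archive" | digest)
    if [ "$before" != "$after" ]; then
        rm -f "$archive"
        return 1
    fi

    # 4. Record the digest so the archive can be re-verified later.
    printf '%s  %s\n' "$before" "$(basename "$archive")" >> "$archdir/SHA256SUMS"

    # 5. Clear on-line storage only now. Truncating (rather than deleting) keeps
    #    the inode, so a logger holding the file open keeps writing to it.
    : > "$online" || return 1
    printf '%s\n' "$archive"
}

# verify_archive ARCHIVE
# Re-verifies an archived log against the digest recorded in SHA256SUMS.
# Returns 0 if the decompressed content still matches, 1 otherwise.
verify_archive() {
    archive="$1"
    sums="$(dirname "$archive")/SHA256SUMS"
    name=$(basename "$archive")
    [ -f "$sums" ] || return 1
    expected=$(awk -v n="$name" '$2 == n { print $1 }' "$sums")
    [ -n "$expected" ] || return 1
    actual=$(gzip -dc "$archive" 2>/dev/null | digest)
    [ "$expected" = "$actual" ]
}

# Demonstration on constructed data: run as `sh archive_log.sh --demo`.
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    # Constructed log lines in the shape of the access and administrative
    # events that 7.1.1.1 requires to be captured.
    cat > "$work/audit.log" <<'EOF'
2024-05-01T10:00:00Z host1 sshd: Accepted publickey for alice from 10.0.0.5
2024-05-01T10:05:12Z host1 sudo: alice : COMMAND=/usr/sbin/useradd bob
2024-05-01T10:06:40Z host1 sshd: Failed password for root from 203.0.113.9
EOF
    archive=$(archive_log "$work/audit.log" "$work/archive") \
        && verify_archive "$archive" \
        && echo "archived and verified: $archive (on-line log cleared)"
    rm -rf "$work"
fi
```

Two caveats a practitioner would want: the copy-then-truncate step in archive_log can lose entries written between the copy and the truncation, so for services that can reopen their log file it is safer to rename the active log, signal the service to reopen, and archive the renamed file instead; and the SHA256SUMS record only detects accidental corruption if it is stored where the same account that can alter the archive can also alter the record, so off-line storage should be separate from, and not writable by, the systems whose logs it holds.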