Policy 7230A - Department of Administration
7.1.1.3 Require Authenticated Access to Logs and Logging Capabilities
Manage user and administrator access to logs and logging facilities to
ensure the confidentiality and integrity of log information:
• The number of users that have access to logs and logging
facilities should be kept to a minimum. Manual authorization
is recommended for the granting of access to logs and/or
logging facilities.
• Systems should be configured to require the use of identified
and authenticated access to logs and logging facilities.
7.1.1.4 Configure the System to Respond to Logging Failure
In the event the logging system fails for any reason, systems should
be configured to take reasonable and appropriate actions.
7.1.2. Test Auditing Capabilities
Agencies should perform periodic audit capability testing to ensure that
auditing capabilities continue to operate as intended:
7.1.2.1 Ensure Systems Create Appropriate Logs and Log Entries
To ensure the logging capabilities of the system are functioning
according to specifications, regular function tests should be
performed:
7.1.2.2 Ensure Authentication is Required for Log Access
To ensure that access to the logging capabilities of the system is
appropriately secure, regular access tests should be performed:
7.1.2.3 Ensure Log Failure Triggers Appropriate Response Mechanism
To ensure that log system failure elicits an appropriate response,
regular log failure tests should be performed:
7.1.3. Operate Auditing Capabilities
Once audit capabilities have been enabled, Agencies should analyze the
information generated by these capabilities on an ongoing basis to ensure
systems are being appropriately operated and that security is being
maintained:
7.1.3.1 Review Logs at Predetermined Intervals
Logs are useful for investigating a previously discovered security
incident and for discerning previously undiscovered security incidents, so
regular log review should be performed.
7.1.3.2 Prioritize Log Entries for Investigation
In order to streamline the investigation of events discovered during
log review, all reviewed log entries should be assigned a prioritization.