Policy 7230A - Department of Administration
7 System Audit

Section 7.1 constitutes the State of Kansas’ System Audit Policy. This policy is accompanied
by defined System Audit Non-Mandatory Procedures and Baselines that are distributed in a
companion document.

Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
7. Systems Audit
7.1. Systems Audit
7.1.1. Configure Auditing Capabilities (4 sets) (3 sets)
7.1.2. Test Auditing Capabilities (3 sets) (2 sets)
7.1.3. Operate Auditing Capabilities (5 sets) (3 sets)

7.1 System Audit

The State of Kansas requires that all information systems be configured such that they
can be audited on an as-needed basis. This will be achieved through the use of
information logging systems that can either be inherent or accessory to the
information systems.

System audit is used to determine if inappropriate actions, either intentional or
unintentional, have occurred within the information system. Without system audits it
can be difficult, if not impossible, to determine when a failure of the information
system security or a breach of the information system itself has occurred, the
magnitude of the breach or failure, and the details of that breach or failure.

Information systems shall be configured to record, at a minimum, all system access
events as well as all system administration events. The following specific data points
will be collected:
• Date of the event
• Time of the event
• Component of the information system affected by the event
• Identity of the user that triggered the event
• Outcome of the event where available

In addition to the above minimum data collection requirements, information systems
must have the ability to capture additional information should it be required.

To ensure that time recordings are of the utmost relevance, all information systems,
including the audit system if an accessory audit system is used, will be time
synchronized with a common source on at least a daily basis.

Information systems are to be provided with sufficient primary (on-line) storage to
retain a pre-defined time period’s worth of log data and sufficient secondary (off-line)
storage to retain a second pre-defined time period’s worth of data. If primary storage
capacity is exceeded, the information system shall be configured to immediately notify
appropriate administrative personnel and continue logging by over-writing the oldest