Policy Reference


Category Monitoring and Reporting
Approval Date 01-29-2010
Scope All Personnel

 

Purpose

The purpose of system activity and event logging is to ensure that computer resources are being utilized in an authorized manner, to proactively identify any potential unauthorized internal or external use, and to provide an audit trail of changes to system configurations and data.



Policy

  1. The City must track utilization via system audit logs and provide a procedure for the maintenance of the events being audited.
  2. Logging will be enabled and set to address the minimum logging standard unless that capability is not readily available within the system.
  3. ITS will implement procedures to regularly review records of information system activity, such as audit logs, intrusion reports, access logs, and security incident tracking reports.
  4. ITS will maintain procedures and standards for system event logging which will include:
    1. Synchronize system clocks for accuracy in logging events.
    2. Log user identification information.
    3. Ensure audit logs contain a time-stamp which tracks user activity.
    4. Log success or failure of each event and provide alerts on failure.
    5. Identify and log the type of activity/event.
    6. Log the originating source of the event.
    7. Uniquely identify individual logs on specific assets.
    8. Log the use of identification and authentication systems.
    9. Log access to all recorded audit trails to ensure the integrity of the monitoring system.


Compliance

 

  1. The organization must ensure all system components record the origin of each event. § 10.3.5, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2
  2. The audit log must record all authentication failures and violations. § 6.2.1, DISA Secure Remote Computing Security Technical Implementation Guide version 1.2, Version 1, Release 2
  3. An automated audit trail should be implemented to track and monitor access to the application. Disabling the logs should not be done and could result in noncompliance. § 4.2, Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1
  4. The status of the information security program should be monitored regularly and reported on to top management. The data generated during the monitoring process should be used to measure the effectiveness of the information security program. Automated monitoring software should be used to monitor the performance of the system and network. The individuals responsible for the management of security logs should set policy, define roles and responsibilities, and determine the frequency and content of reports. SM7.2.1, SM7.2.8, CI1.4.1(c), CI2.2.3, NW3.1.1(c), NW5.3.4, UE5.2.2(d), UE5.3.2(d), UE5.4.3(d), UE5.4.5, UE5.5.2(d), UE5.6.2(d), The Standard of Good Practice for Information Security