T3.6.2 - AUDIT LOGGING Implementation Guidance
The entity shall produce and keep audit logs recording user activities, exceptions, and information security events.
Entities should log local and remote access (including failed attempts) to and from all hardware devices, operating systems and installed applications, ensuring that logs include a date, timestamp, source addresses, destination addresses, and various other useful elements of each packet and/or transaction.
Audit logs should include, when relevant:
- A. User IDs
- B. Dates, times, and details of key events, e.g. log-on and log-off
- C. Terminal identity or location if possible
- D. Records of successful and rejected system access attempts
- E. Records of successful and rejected data and other resource access attempts
- F. Changes to system configuration
- G. Use of privileges
- H. Use of system utilities and applications
- I. Files accessed and the kind of access
- J. Network addresses and protocols
- K. Alarms raised by the access control system
- L. Activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems
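As an added illustration, not part of the guidance itself, the following Python checks structured audit records for the items listed above and reports which ones are missing for each kind of event. The field names, the event types, the choice of which items are "relevant" to which event, and the ISO 8601 timestamp format are all assumptions made for this example; the sample records are constructed.

```python
from datetime import datetime

# Assumed field names, mapped to the guidance item (A-L) each one satisfies.
BASE = {"user_id": "A", "timestamp": "B", "event": "B", "source_addr": "J"}
# Assumed mapping: event type -> extra fields treated as relevant for it.
EXTRA = {
    "logon":         {"outcome": "D", "terminal": "C"},
    "file_access":   {"outcome": "E", "path": "I", "access_kind": "I"},
    "config_change": {"setting": "F", "privilege_used": "G"},
    "protection":    {"system": "L", "state": "L"},
}

def missing_items(record):
    """Return a sorted list of gaps: fields absent or empty for this event type."""
    required = dict(BASE)
    required.update(EXTRA.get(record.get("event"), {}))
    gaps = [f"{field} (item {item})"
            for field, item in required.items()
            if record.get(field) in (None, "")]
    # A timestamp that is present must still parse as a date and time.
    ts = record.get("timestamp")
    if ts:
        try:
            datetime.fromisoformat(ts)
        except ValueError:
            gaps.append("timestamp not ISO 8601 (item B)")
    return sorted(gaps)

# Constructed sample records (addresses are from documentation ranges).
SAMPLES = [
    # Rejected log-on attempt, fully populated.
    {"event": "logon", "user_id": "jdoe", "timestamp": "2024-05-01T08:15:02+04:00",
     "source_addr": "192.0.2.10", "terminal": "WS-114", "outcome": "rejected"},
    # File access with an empty user ID and no kind of access recorded.
    {"event": "file_access", "user_id": "", "timestamp": "2024-05-01T08:16:40+04:00",
     "source_addr": "192.0.2.10", "path": "/srv/hr/payroll.xlsx", "outcome": "success"},
    # Anti-virus event with a non-standard timestamp and no state recorded.
    {"event": "protection", "user_id": "svc-av", "timestamp": "01/05/2024 08:20",
     "source_addr": "198.51.100.7", "system": "anti-virus"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["event"], "->", missing_items(rec) or "complete")
```

A check like this is most useful at the point where logs are ingested, so that sources producing incomplete records are identified before the gaps matter in an investigation.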