AU-3 Content of Audit Records
Statement
West Texas A&M University information systems must produce audit records that contain sufficient information to, at a minimum, establish what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any user associated with the event.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
Information systems must be configured to provide centralized logging managed by IT. Monitoring is optional for Dev/Test servers with approval from the ISO.
Custodians shall ensure logging mechanisms are in place to record user activities, exceptions, and information security events, including:
- Date and time of the event.
- The software or hardware component of the information resource where the event occurred.
- Source of the event (e.g. network address);
- Location of the event
- Type of event that occurred.
- User/subject identity (user, device)
- The outcome (success or failure) of the event