Statement

All West Texas A&M University information resources must be capable of auditing actions of users deemed necessary by the Information Security Officer (ISO).

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

• Custodians shall ensure systems are configured to provide audit record generation capability for the list of auditable events defined in control AU-2 Event Logging on systems within their control including but not limited to end user devices (desktop or laptop computers), servers, and network components (switches, routers, firewalls, wireless access points).
• Custodians shall work with the security office to determine which auditable events are to be audited by specific components of the information system
• Custodians shall ensure systems generate audit records for the events defined in control AU-2 Event Logging with the content defined in control AU-3 Content of Audit Records.