Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability.
Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies.
Use a reliable time source across all relevant information processing systems.
Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment.
Generate audit records containing relevant security information.
The information system protects audit records from unauthorized access, modification, and deletion.
Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls.
Log and monitor key lifecycle management events to enable auditing and reporting on usage of cryptographic keys.
Monitor and log physical access using an auditable access control system.
Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party.