Mechanisms exist to adjust the level of audit review, analysis and reporting based on evolving threat information from law enforcement, industry associations or other credible sources of threat intelligence.
Automated mechanisms exist to compile audit records into an organization-wide audit trail that is time-correlated.
Mechanisms exist to provide privileged users or roles the capability to change the auditing to be performed on specified information system components, based on specific event criteria within specified time thresholds.
Mechanisms exist to configure systems to produce event logs that contain sufficient information to, at a minimum:
▪ Establish what type of event occurred;
▪ When (date and time) the event occurred;
▪ Where the event occurred;
▪ The source of the event;
▪ The outcome (success or failure) of the event; and
▪ The identity of any user/subject associated with the event.
Mechanisms exist to protect sensitive/regulated data contained in log files.
Mechanisms exist to link system access to individual users or service accounts.
Mechanisms exist to log and review the actions of users and/or services with elevated privileges.
Mechanisms exist to verbosely log all traffic (both allowed and blocked) arriving at network boundary devices, including firewalls, Intrusion Detection / Prevention Systems (IDS/IPS) and inbound and outbound proxies.
Mechanisms exist to limit Personal Data (PD) contained in audit records to the elements identified in the data privacy risk assessment.
Mechanisms exist to centrally manage and configure the content required to be captured in audit records generated by organization-defined information system components.