AU-2: Event Logging  

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

Review Date:  05/08/2024 

  • Information resources must keep security-related event logs that establish individual accountability for actions that can potentially threaten the confidentiality, integrity, or availability of the information resource.   
  • Based on periodic risk assessments, information resource custodians and the Tarleton Chief Information Security Officer (CISO) are responsible for ensuring that information systems log a sufficiently complete history of transactions to support an after-the-fact investigation by logging and tracing the activities of individuals through the system.  
  • The Tarleton CISO or their designee is responsible for periodically reviewing and updating the event types selected for logging.  
  • The types of events that require logging include:  
    • Any action that can potentially cause access to, creation of, or modification of Confidential or Controlled information, or affect its release.  
    • Any significant event that is relevant to the security of systems, including password changes, failed logons, failed access events, security or privacy attribute changes, administrative privilege usage, and all changes to automated security or access rules.  
    • Updates to High Impact Information Resources.  
  • Information resource custodians and the Tarleton Office of Innovative Technology Solutions (OITS) Security Team must coordinate event logging functions with each other. 

References/Additional Resources

1 TAC § 202.25  

1 TAC § 202.75