AU-1: Audit and Accountability Policy and Procedures
NIST Baseline: Low
Privacy Baseline: Yes
DIR Required By: 07/20/2023
Review Date: 05/08/2024
Purpose –
The Audit and Accountability Policy and associated controls document the requirements for ensuring there are adequate event and transaction logs to account for, respond to, and minimize the impact of incidents that can impact Tarleton State University (Tarleton) information resources.
Scope and Roles –
This policy applies to information resources owned or managed by Tarleton. The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), information resource owners, information resource custodians, and all users of Tarleton information resources.
Compliance –
Audit and Accountability controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76 and Texas A&M University System Regulation 29.01.03, Information Security.
Implementation –
- The Tarleton CISO, in coordination with information resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Audit and Accountability of information resources. These controls should:
- Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
- The CISO shall review and update the Audit and Accountability controls and supporting procedures as necessary.