Audit logging
The audit logging recommendations come from the following resource: https://acsc.gov.au/publications/Information_Security_Manual_2017_Controls.pdf
Standard | Priority | Assessment | Action/Status |
---|---|---|---|
Control: 0582; Revision: 4; Updated: Apr-15; Applicability: UD, P, C, S; Compliance: should; Authority: AA. Agencies should log, at minimum, the following events for all software components: all privileged operations; successful and failed elevation of privileges; security related system alerts and failures; user and group additions, deletions and modification to permissions; unauthorised access attempts to critical systems and files. | ISM: Should | ||
Control: 1176; Revision: 1; Updated: Sep-12; Applicability: UD, P; Compliance: should; Authority: AA. Agencies should log the following events for any system requiring authentication: logons, failed logon attempts, logoffs. | ISM: Should | ||
Control: 0987; Revision: 5; Updated: Apr-15; Applicability: UD, P, C, S, TS; Compliance: should; Authority: AA. The events listed below should be logged. Access to particularly sensitive information; Addition of new users, especially privileged users; Any query containing comments; Any query containing multiple embedded queries; Any query or database alerts or failures; Attempts to elevate privileges; Attempted access that is successful or unsuccessful; Changes to the database structure; Changes to user roles or database permissions; Database administrator actions; Database logons and logoffs; Modifications to data; Use of executable commands e.g. xp_cmdshell. | ISM: Should | ||
ISM13. Event Details
Standard | Priority | Assessment | Action/Status |
---|---|---|---|
Control: 0585; Revision: 3; Updated: Apr-15; Applicability: UD, P, C, S, TS; Compliance: must; Authority: AA. For each event logged, agencies must ensure that the logging facility records the following details, where applicable: date and time of the event; relevant users or process; event description; success or failure of the event; event source e.g. application name; ICT equipment location/identification. | ISM: Must | ||