Sample Auditing Standard:

From HORSE - Holistic Operational Readiness Security Evaluation.

The Auditing Standard builds on the objectives established in the Sample Asset Protection Standard, and provides specific auditing and logging requirements including activation, protection, retention, and storage.

Objectives

  1. General
    1. The Company shall employ a centralized audit-logging scheme such that audit logs are securely written to a centralized log system.
    2. The centralized log system shall provide a mechanism for archiving audit logs in accordance with applicable legal and regulatory requirements.
    3. All Company servers, network devices, and multi-user systems shall receive time synchronization from a dedicated, central Company time source.
    4. Authorized personnel shall review audit logs to detect indications of, or patterns associated with, malicious activity, and shall take appropriate action or respond in accordance with the Threat Monitoring Standard and Incident Response Standard.
  2. Activation
    1. Auditing shall be enabled on all Company servers, network devices, and multi-user systems.
    2. Security changes, significant activity, and high-risk functions must be recorded.
    3. Audit records shall be generated for successful and/or failed attempts to:
      1. Log on to or log off from the system
      2. Change user and group accounts
      3. Start up and shut down the system
      4. Change security policy or configuration settings
      5. Back up or restore data
      6. Access sensitive information
    4. Audit records should include who, what, when, and from where the recorded event or activity occurred.
  3. Protection
    1. Audit logs and records shall be protected to prevent deletion or alteration by unauthorized users.
    2. Access to the audit logs, audit records, and audit configuration settings shall be restricted to privileged accounts.
  4. Retention and Storage
    1. Audit logs must be stored on alternate media prior to re-initialization.
    2. Each system shall provide sufficient storage to ensure that logs are not overwritten during normal operating conditions or during situations that generate logging activity 300% greater than normal system operating scenarios.
      1. Audit logs must be retained on-line for the time period defined by the Document Retention Schedule or otherwise by legal requirements, which is currently thirteen (13) months.
      2. Security-related audit logs should be archived on read-only media, if possible, then secured and retained according to applicable legal and regulatory requirements.
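The Activation requirements above (the event categories in 2.3 and the who/what/when/where content in 2.4) and the time-synchronization requirement in 1.3 are the kind of thing a reviewer checks when audit logs arrive at the central log system. The following checker is an added example and is not part of the HORSE standard; it assumes JSON-lines audit records with constructed field names (`actor`, `event`, `timestamp`, `source`, `outcome`), a constructed event-name vocabulary mapped onto the standard's six categories, and an assumed clock-skew tolerance of 30 seconds. It flags records missing required content, required-category events without a success/failure outcome, timestamps that disagree with the reference clock, and categories for which no record was seen at all (a hint that auditing may not be enabled for them).

```python
"""Audit-record completeness check: added example, not part of the HORSE standard.

Input is JSON lines. Field names, event names and the skew tolerance are
assumptions made for this example, not values the standard prescribes.
"""
import json
from datetime import datetime, timedelta, timezone

# Event categories for which the standard requires audit records (Activation 2.3).
# The event-name vocabulary on the right is an assumption for this example.
REQUIRED_CATEGORIES = {
    "logon_logoff": {"user.logon", "user.logoff"},
    "account_change": {"account.create", "account.modify", "account.delete", "group.modify"},
    "startup_shutdown": {"system.startup", "system.shutdown"},
    "security_config": {"policy.change", "config.change"},
    "backup_restore": {"backup.run", "restore.run"},
    "sensitive_access": {"data.access.sensitive"},
}

# Who, what, when and from where (Activation 2.4); field names are assumed.
REQUIRED_FIELDS = ("actor", "event", "timestamp", "source")

# Tolerated disagreement with the central time source (General 1.3); assumed value.
MAX_CLOCK_SKEW = timedelta(seconds=30)


def category_of(event):
    """Return the required category an event belongs to, or None if the standard does not name it."""
    for category, events in REQUIRED_CATEGORIES.items():
        if event in events:
            return category
    return None


def parse_timestamp(value):
    """Parse an ISO-8601 timestamp; a trailing Z means UTC, naive values are assumed UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts


def check_record(line_no, raw, reference_time):
    """Check one raw JSON line. Returns (category or None, list of findings)."""
    try:
        rec = json.loads(raw)
    except json.JSONDecodeError:
        return None, [f"line {line_no}: unparseable record"]
    findings = []
    missing = [f for f in REQUIRED_FIELDS if not rec.get(f)]
    if missing:
        findings.append(f"line {line_no}: missing {', '.join(missing)}")
    category = category_of(rec.get("event", ""))
    # Required-category events must say whether the attempt succeeded or failed (2.3).
    if category and rec.get("outcome") not in ("success", "failure"):
        findings.append(f"line {line_no}: {category} event without success/failure outcome")
    if rec.get("timestamp"):
        try:
            skew = abs(parse_timestamp(rec["timestamp"]) - reference_time)
            if skew > MAX_CLOCK_SKEW:
                findings.append(f"line {line_no}: timestamp differs from reference clock by {skew}")
        except ValueError:
            findings.append(f"line {line_no}: unparseable timestamp")
    return category, findings


def audit_report(lines, reference_time):
    """Check every record and list required categories that produced no records at all."""
    findings = []
    seen = set()
    for line_no, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue
        category, record_findings = check_record(line_no, raw, reference_time)
        findings.extend(record_findings)
        if category:
            seen.add(category)
    silent = sorted(set(REQUIRED_CATEGORIES) - seen)
    return {"findings": findings, "silent_categories": silent}


# Constructed sample input: a reference clock and six audit lines with deliberate defects.
REFERENCE_TIME = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '{"timestamp": "2024-05-01T12:00:01Z", "actor": "alice", "event": "user.logon", "source": "10.0.0.5", "outcome": "success"}',
    '{"timestamp": "2024-05-01T12:00:03Z", "actor": "alice", "event": "user.logoff", "outcome": "success"}',
    '{"timestamp": "2024-05-01T12:09:00Z", "actor": "svc-backup", "event": "account.modify", "source": "10.0.0.9", "outcome": "success"}',
    '{"timestamp": "2024-05-01T12:00:05Z", "actor": "bob", "event": "policy.change", "source": "10.0.0.7"}',
    '{"timestamp": "2024-05-01T12:00:06Z", "actor": "app", "event": "app.heartbeat", "source": "10.0.0.8"}',
    "not json at all",
]

if __name__ == "__main__":
    report = audit_report(SAMPLE_LOG, REFERENCE_TIME)
    for finding in report["findings"]:
        print(finding)
    print("required categories with no records:", ", ".join(report["silent_categories"]))
```

On the constructed sample this reports a logoff with no source address, an account change whose clock is nine minutes off, a policy change with no outcome, and one unparseable line, and it notes that no startup/shutdown, backup/restore or sensitive-access records were seen. Run against real exports from the central log system, the "silent categories" list is the quickest way to spot a host on which auditing is not actually enabled, while the skew finding is a direct check on requirement 1.3.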


Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.