
ECAR-1 Audit Record Content – Public Systems


Overview

Audit records include:

  • User ID.
  • Successful and unsuccessful attempts to access security files.
  • Date and time of the event.
  • Type of event.

MAC / CONF: PUBLIC
Impact: Low
Subject Area: Enclave Computing Environment

Details

Threat
Audit trails that record insufficient security-related information cannot support effective and efficient detection of security violations. This implementation guide aims to help system administrators configure auditing properly so that security problems can be detected effectively.

Guidance
1. The system administrator shall select, from the auditing capability that the system components can provide, the security events to audit, in accordance with the DISA STIGs for operating system, database, and application auditing.
2. The system administrator shall configure each audit event to record sufficient information in the audit trails, such as date/time of the event, user ID, source, target, type of event, and success/failure.
3. The system administrator shall test the auditing capability to ensure that the audit trails record the required security events, that each event contains sufficient information to support security investigation, and that the auditing capability does not affect system operations.
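
One way to carry out the test in step 3, as an added example that is not part of the original guidance: the script checks each record of a constructed key=value audit trail for the fields named in step 2 and lists required event types that have no sufficient record. The record format, the key names (time, user, src, target, event, result) and the sample lines are assumptions made for illustration.

```python
import shlex
from datetime import datetime

# Fields from guidance item 2; these key names are assumptions of this example.
REQUIRED = ("time", "user", "src", "target", "event", "result")
RESULTS = {"success", "failure"}

def parse_record(line):
    """Split one key=value audit line into a dict (quoted values allowed)."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def check_record(line):
    """Return a list of problems; an empty list means the record is sufficient."""
    rec = parse_record(line)
    problems = [f"missing {k}" for k in REQUIRED if not rec.get(k)]
    if rec.get("time"):
        try:
            datetime.fromisoformat(rec["time"])
        except ValueError:
            problems.append("unparseable time")
    if rec.get("result") and rec["result"] not in RESULTS:
        problems.append("result is not success/failure")
    return problems

def audit_coverage(lines, required_events):
    """Report insufficient records and required event types never seen intact."""
    bad, seen = {}, set()
    for n, line in enumerate(lines, 1):
        problems = check_record(line)
        if problems:
            bad[n] = problems
        else:
            seen.add(parse_record(line)["event"])
    return bad, sorted(set(required_events) - seen)

# Constructed sample trail, not taken from any real system.
SAMPLE = [
    'time=2024-05-01T10:15:00+00:00 user=alice src=10.0.0.5 target=/etc/shadow event=file_access result=failure',
    'time=2024-05-01T10:16:02+00:00 user=alice src=10.0.0.5 target="/var/log/audit log" event=file_access result=success',
    'time=2024-05-01T10:17:00+00:00 src=10.0.0.9 target=/etc/passwd event=file_access result=denied',
    'time=yesterday user=bob src=10.0.0.7 target=console event=logon result=success',
]
if __name__ == "__main__":
    print(audit_coverage(SAMPLE, ["file_access", "logon"]))
```

In the sample, the only logon record has an unusable timestamp, so logon is reported as a required event with no sufficient record even though a line for it exists.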

References

  • DISA Web Server STIG, 26 July 2004
  • DISA Windows 2003 Security Checklist (draft), 10 December 2004
  • DISA Windows 4.0 Security Checklist, 10 December 2004
  • DISA Unix STIG, 15 September 2003
  • DISA Solaris Security Checklist, 20 January 2004
  • DISA Database STIG, 24 July 2004