AU

APP088: Audit Log Protection and Integrity.

Does the application prevent unauthorized access and modifications to the audit logs to ensure that logs cannot be overwritten or modified by the system users whose activity they track?

Guidance: Audit Log Protection and Integrity. Does the application prevent unauthorized access and modifications to the audit logs to ensure that logs cannot be overwritten or modified by the system users whose activity they track?

a. During initiation and shutdown.

b. In storage and during transmission.

The mechanism for protecting the integrity of the logs must be commensurate with the risk and criticality of the system.

A common control is to send events in [near] real time to a remote log host. This is a function built into syslog. Third party products such as eTrust Audit and Arcsight also provide this functionality.

Replies
  • JE

    Users can not modify the application log. Here's an example of the Log Viewer, and as shown no command buttons are present that will allow a user to modify it:

    For comparison, here is a page that allows users to modify information, in this case report definitions. As seen the program presents to the user command buttons in the bottom toolbar which can be selected for this purpose:


    Additional References: Log Viewer

Please Sign In to submit new tickets or to reply to existing ones.

Ticket ID

T-00012

Created

January 21, 2021 05:46 PM

Product

QuickView