{"id":818,"date":"2024-04-24T17:28:36","date_gmt":"2024-04-24T17:28:36","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=818"},"modified":"2024-09-06T21:35:23","modified_gmt":"2024-09-06T21:35:23","slug":"au-1-policy-and-procedures","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/audit-and-accountability-au\/au-1-policy-and-procedures\/","title":{"rendered":"AU-1: Audit and Accountability Policy and Procedures"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">AU-1: Audit and Accountability Policy and Procedures<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline:<\/strong> &nbsp;Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>05\/08\/2024&nbsp;<\/h2>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Purpose &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The Audit and Accountability Policy and associated controls document the requirements for ensuring there are adequate event and transaction logs to account for, respond to, and minimize the impact of incidents that can impact Tarleton State University (Tarleton) information resources.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Scope and Roles &#8211;<\/strong>&nbsp;&nbsp;<\/h3>\n\n\n\n<p>This policy applies to information resources owned or managed by Tarleton. The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), information resource owners, information resource custodians, and all users of Tarleton information resources.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide border-top: solid 10px\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Compliance &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Audit and Accountability controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a> and Texas A&amp;M University System <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>.\u00a0\u00a0\u00a0<\/p>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Implementation &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Tarleton CISO, in coordination with information resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Audit and Accountability of information resources.&nbsp; These controls should:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and&nbsp;<\/li>\n\n\n\n<li>Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The CISO shall review and update the Audit and Accountability controls and supporting procedures as necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=24#:~:text=%C2%A0%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.24 (a)(2)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74#:~:text=%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.74 (a)(2)<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AU-1: Audit and Accountability Policy and Procedures NIST Baseline: &nbsp;Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;05\/08\/2024&nbsp; Purpose &#8211;&nbsp;&nbsp; The Audit and Accountability Policy and associated controls &#8230;<\/p>\n","protected":false},"author":62,"featured_media":580,"parent":784,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-818","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/kyle-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"kyle"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on April 24, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on April 24, 2024 5:28 pm","modified":"Updated on September 6, 2024 9:35 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=818"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/818\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/784"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}