{"id":847,"date":"2024-05-29T18:25:05","date_gmt":"2024-05-29T18:25:05","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=847"},"modified":"2024-09-06T21:34:52","modified_gmt":"2024-09-06T21:34:52","slug":"au-2-event-logging","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/audit-and-accountability-au\/au-2-event-logging\/","title":{"rendered":"AU-2: Event Logging\u00a0\u00a0"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">AU-2: Event Logging&nbsp;&nbsp;<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline:<\/strong> &nbsp;Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>05\/08\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Information resources must keep security-related event logs that establish individual accountability for actions that can potentially threaten the confidentiality, integrity, or availability of the information resource.&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Based on periodic risk assessments, information resource custodians, and the Tarleton Chief Information Security Officer (CISO) are responsible for ensuring that information systems log a sufficiently complete history of transactions to support an after-the-fact investigation by logging and tracing the activities of individuals through the system.&nbsp;&nbsp;<\/li>\n\n\n\n<li>The Tarleton CISO or their designee is responsible for reviewing and updating the event types selected for logging periodically.&nbsp;&nbsp;<\/li>\n\n\n\n<li>The types of events that require logging include:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Any action that can potentially cause access to, creation of, modification of, or affect the release of Confidential or Controlled information.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Any significant event that is relevant to the security of systems, including password changes, failed logons, failed access events, security or privacy attribute changes, administrative privilege usage, all changes to automated security or access rules.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Updates to High Impact Information Resources.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Information resource custodians and the Tarleton Office of Innovative Technology Solutions (OITS) Security Team must coordinate event logging functions with each other.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=25#:~:text=A%20risk%20assessment%20of%20the%20agencies%27%20information%20and%20information%20systems%20shall%20be%20performed%20and%20documented.\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.25<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=75#:~:text=A%20risk%20assessment%20of%20the%20institution%27s%20information%2C%20information%20systems%2C%20and%20applications%20shall%20be%20performed%20and%20documented.\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.75<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AU-2: Event Logging&nbsp;&nbsp; NIST Baseline: &nbsp;Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;05\/08\/2024&nbsp; References\/Additional Resources 1 TAC \u00a7 202.25&nbsp;&nbsp; 1 TAC \u00a7 202.75&nbsp;<\/p>\n","protected":false},"author":62,"featured_media":580,"parent":784,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-847","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/kyle-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"kyle"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on May 29, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on May 29, 2024 6:25 pm","modified":"Updated on September 6, 2024 9:34 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=847"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/847\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/784"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}