Security Policies and Procedures

XIX. Change Control Logs

A. Preface

The ISO is required to maintain logs of systems that document any changes and access users may have to sensitive systems. The following are the retention policies for these logs.

B. Policy

Audit logs will be retained for at least one (1) year in raw format, preferably electronic, to preserve evidence. Audit logs must be configured to prevent overflow, erasure or tampering. Audit logs will be configured to record information such that:

1. Sufficient information is available for proper investigation of use, misuse, incidents and performance
2. User ID, event type, date and time are maintained
3. Time is according to a known time stamp so that events across systems can be coordinated
4. End-to-end accountability is always maintained

Events to be recorded include, but are not limited to:

1. Login and activity by any other privileged accounts
2. Changes to operating systems, application code or other tools
3. Backup and restore events
4. Changes affecting any cryptographic keys or devices
5. Stop or start of critical processes
6. Transaction failure, retry or duplication

All systems and tools involved in the protection process are required to always have change logs enabled and properly configured. This includes:

1. Firewalls
2. Email servers
3. Anti-malware tools, especially the administration tools
4. Security administration tools such as password resets and account modifications
5. Monitoring tools
6. Routers and other network devices
7. GitHub
8. Amazon Web Services (AWS)

Rev.2015.8.6