Description

This Control addresses how information resources generate audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

Applicability

  • This Control applies to all Texas A&M University information resources containing Critical, Confidential, or University-Internal data. The intended audience is information resource custodians who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security.

Implementation

  • 1

    The information resource custodian shall ensure logging mechanisms are in place to record user activities, exceptions, and information security events, including:

    • 1.1

      Date and time of the event;

    • 1.2

      The software or hardware component of the information resource where the event occurred;

    • 1.3

      Source of the event (e.g. network address);

    • 1.4

      Type of event that occurred;

    • 1.5

      User/subject identity (user, device); and

    • 1.6

      The outcome (success or failure) of the event.