Article 59 – Audit and Accountability Policy
49160.4 Policy Directives
- Department Owners of Information Assets in collaboration with Information Asset Custodians and the department Information Security Officer (ISO) shall develop and implement an event logging and continuous monitoring strategy of access and activities conducted using department information assets. This strategy shall include, at a minimum, the following items:
  - Define and document the audit logging requirements and security events that shall be recorded, monitored, and reviewed.
  - Identify and implement controls for audit trails and auditability of events for each system as well as for the internal network, accounting for segregation of duties, as appropriate.
  - Perform, at minimum, monthly monitoring of event logs of critical information assets to identify and respond to indicators of attacks, anomalies, and suspicious or inappropriate activities in a timely manner.
  - Define secure storage and retention of event logs.
  - Clearly define roles and responsibilities for event logging and monitoring.
-