Standard:
YALE-MSS-13.4: Collect and review all source system activity logs
YALE-MSS-13.4.2: Collect log data needed for Information System Activity Review
Low Risk Endpoint: Not Required
Moderate Risk Endpoint: Not Required
High Risk Endpoint: Not Required
Low Risk Server: Not Required
Moderate Risk Server: Not Required
High Risk Server: Required for HIPAA
Low Risk Mobile Device: Not Required
Moderate Risk Mobile Device: Not Required
High Risk Mobile Device: Not Required
Low Risk Network Printer: Not Required
Moderate Risk Network Printer: Not Required
High Risk Network Printer: Not Required
Details
Log and audit messages must contain a minimum of:
- unique timestamp
- system name
- user or daemon where applicable
- resulting message
Policy 5142 states that this process may include a review of the following types of system activity information, either as a full review or as a spot check or sampling:
- Security Incidents Response reports
- system user privileges grants and changes logs
- user-level system access logs*
- user-level system activity logs*
- user-level transaction log reports*
- exception reports
* = if available