NSTSSI Security Education Standards
6. Ensure audit trails are reviewed periodically (e.g., weekly, daily), and audit records are archived for future reference, if required.
a. Auditing Tools
(1) Audit Trail and Logging
E - follow audit policy and procedures;
E - activate required audit features;
E - review audit trail/log, as required;
I - monitor the use of audit trails and logging;
I - analyze audit trail/log for anomalies;
I - report audit anomalies;
A - develop policy and procedures on the use of audit trails and logging; and
A - define required audit features.
(2) Error Logs/System Logs
E - follow policy and procedures;
E - review error logs/system logs, as required;
I - monitor the use of error logs/system logs;
I - analyze error logs/system logs for anomalies;
I - report anomalies; and
A - develop policy and procedures on the use of error logs/system logs.
(3) Monitoring
(a) Electronic Monitoring (EM)
E - outline known means of electronic monitoring; and
I - use results of EM reports.
(b) Keystroke Monitoring
E - outline keystroke monitoring policy and procedures;
E - comply with keystroke monitoring policy and procedures;
I - enforce the use of keystroke monitoring in compliance with policy; and
A - develop keystroke monitoring policy and procedures in compliance with legal requirements.
(4) Protective Technology
(Note: not applicable to entry or intermediate level and must be monitored for events by the advanced level when applicable.)
A - integrate the use of protective technology; and
A - monitor the use of protective technology.
(5) Automated Security Tools
E - list and be able to identify by name various tools;
I - integrate the use of automated security tools; and
I - monitor the use of automated security tools.
E - use expert system tools (i.e., audit reduction and intrusion detection) available;
I - analyze results from expert systems and make recommendations for improvement; and
A - evaluate products and recommend acquisition of expert systems tools to management.
b. Configuration Management
I - integrate IS security requirements into the configuration management program;
I - review proposed changes to the configuration and recommend change based on security requirements;
I - perform security testing prior to implementation ensuring changes made to the systems do not violate security policy; and
I - require accountability of copyrighted software in accordance with software licensing agreements.
c. Audit
(1) Reconciliation
E - monitor the reconciliation of audit logs.
(2) Security Reviews
E - monitor the use of security reviews; and
I - prepare security reviews.
(3) Metrics
E - monitor the use of metrics.
(4) Conformance Testing
E - monitor conformance testing.
(5) Contingency Plan Testing
E - develop contingency plan testing procedures; and
E - monitor contingency plan testing.
(6) Disaster Recovery Plan Testing
E - develop disaster recovery plan testing; and
E - monitor disaster recovery plan testing.
(7) Alarms, Signals, & Reports
E - monitor the use of alarms, signals, and reports.
(8) Periodic Review of Audit Trails
I - direct the use of periodic reviews of audit trails.
d. Policies
(1) Change Control Policies
E - develop change control policies;
E - monitor change control policies;
E - revise change control policies; and
E - upgrade change control policies.
(2) Agency Specific Security Policies
E - monitor agency specific security policies; and
E - develop agency specific security policies.