NSTSSI Security Education Standards
6. Ensure audit trails are reviewed periodically (e.g., weekly, daily), and audit records are archived for future reference, if required

a. Auditing Tools
  (1) Audit Trail and Logging
    E - follow audit policy and procedures;
    E - activate required audit features;
    E - review audit trail/log, as required;
    I - monitor the use of audit trails and logging;
    I - analyze audit trail/log for anomalies;
    I - report audit anomalies;
    A - develop policy and procedures on the use of audit trails and logging; and
    A - define required audit features.
  (2) Error Logs/System Logs
    E - follow policy and procedures;
    E - review error logs/system logs, as required;
    I - monitor the use of error logs/system logs;
    I - analyze error logs/system logs for anomalies;
    I - report anomalies; and
    A - develop policy and procedures on the use of error logs/system logs.
  (3) Monitoring
    (a) Electronic Monitoring (EM)
      E - outline known means of electronic monitoring; and
      I - use results of EM reports.
    (b) Keystroke Monitoring
      E - outline keystroke monitoring policy and procedures;
      E - comply with keystroke monitoring policy and procedures;
      I - enforce the use of keystroke monitoring in compliance with policy; and
      A - develop keystroke monitoring policy and procedures in compliance with legal requirements.
  (4) Protective Technology (Note: not applicable to entry or intermediate level and must be monitored for events by the advanced level when applicable.)
    A - integrate the use of protective technology; and
    A - monitor the use of protective technology.
  (5) Automated Security Tools
    E - list and be able to identify by name various tools;
    I - integrate the use of automated security tools; and
    I - monitor the use of automated security tools.
    E - use expert system tools (i.e., audit reduction and intrusion detection) available;
    I - analyze results from expert systems and make recommendations for improvement; and
    A - evaluate products and recommend acquisition of expert systems tools to management.

b. Configuration Management
    I - integrate IS security requirements into the configuration management program;
    I - review proposed changes to the configuration and recommend change based on security requirements;
    I - perform security testing prior to implementation ensuring changes made to the systems do not violate security policy; and
    I - require accountability of copyrighted software in accordance with software licensing agreements.

c. Audit
  (1) Reconciliation
    E - monitor the reconciliation of audit logs.
  (2) Security Reviews
    E - monitor the use of security reviews; and
    I - prepare security reviews.
  (3) Metrics
    E - monitor the use of metrics.
  (4) Conformance Testing
    E - monitor conformance testing.
  (5) Contingency Plan Testing
    E - develop contingency plan testing procedures; and
    E - monitor contingency plan testing.
  (6) Disaster Recovery Plan Testing
    E - develop disaster recovery plan testing; and
    E - monitor disaster recovery plan testing.
  (7) Alarms, Signals, & Reports
    E - monitor the use of alarms, signals, and reports.
  (8) Periodic Review of Audit Trails
    I - direct the use of periodic reviews of audit trails.

d. Policies
  (1) Change Control Policies
    E - develop change control policies;
    E - monitor change control policies;
    E - revise change control policies; and
    E - upgrade change control policies.
  (2) Agency Specific Security Policies
    E - monitor agency specific security policies; and
    E - develop agency specific security policies.