@bengolder
Last active July 27, 2017 18:51
CJIS Audit Logging Requirements

Event Types

The following events shall be logged:

  1. Successful and unsuccessful system log-on attempts.

  2. Successful and unsuccessful attempts to use:

    1. access permission on a user account, file, directory or other system resource;
    2. create permission on a user account, file, directory or other system resource;
    3. write permission on a user account, file, directory or other system resource;
    4. delete permission on a user account, file, directory or other system resource;
    5. change permission on a user account, file, directory or other system resource.
  3. Successful and unsuccessful attempts to change account passwords.

  4. Successful and unsuccessful actions by privileged accounts.

  5. Successful and unsuccessful attempts for users to:

    1. access the audit log file;
    2. modify the audit log file;
    3. destroy the audit log file.

Content

The following content shall be included with every audited event:

  1. Date and time of the event.
  2. The component of the information system (e.g., software component, hardware component) where the event occurred.
  3. Type of event.
  4. User/subject identity.
  5. Outcome (success or failure) of the event.
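
One way to check log output against the two lists above, as an added example that is not part of the original gist. It assumes JSON-lines records and hypothetical field names and event-type labels (`timestamp`, `component`, `event_type`, `subject`, `outcome`, and the five `EVENT_TYPES` values), none of which the page defines.

```python
import json
from datetime import datetime

# Hypothetical field names (assumed, not from the page) for the five content items.
REQUIRED = ("timestamp", "component", "event_type", "subject", "outcome")
# Hypothetical labels (assumed) for the five event categories under "Event Types".
EVENT_TYPES = ("logon", "permission_use", "password_change",
               "privileged_action", "audit_log_access")
OUTCOMES = ("success", "failure")

def check_record(line):
    """Return a list of problems for one JSON audit record (empty list = complete)."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return ["not valid JSON"]
    if not isinstance(rec, dict):
        return ["not a JSON object"]
    problems = [f"missing {f}" for f in REQUIRED if not str(rec.get(f) or "").strip()]
    if rec.get("timestamp"):
        try:
            datetime.fromisoformat(rec["timestamp"])
        except (TypeError, ValueError):
            problems.append("unparseable timestamp")
    if rec.get("event_type") and rec["event_type"] not in EVENT_TYPES:
        problems.append("unknown event_type")
    if rec.get("outcome") and rec["outcome"] not in OUTCOMES:
        problems.append("outcome must be success or failure")
    return problems

def coverage_gaps(lines):
    """Return (event_type, outcome) pairs never seen among complete records."""
    seen = set()
    for line in lines:
        if not check_record(line):
            rec = json.loads(line)
            seen.add((rec["event_type"], rec["outcome"]))
    return sorted({(e, o) for e in EVENT_TYPES for o in OUTCOMES} - seen)

# Constructed sample records, not real log data.
SAMPLE = [
    '{"timestamp": "2017-07-27T18:51:00+00:00", "component": "web-app", "event_type": "logon", "subject": "user-17", "outcome": "success"}',
    '{"timestamp": "2017-07-27T18:52:10+00:00", "component": "web-app", "event_type": "logon", "subject": "user-17", "outcome": "failure"}',
    '{"timestamp": "2017-07-27T18:53:00+00:00", "component": "db", "event_type": "password_change", "outcome": "ok"}',
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE, 1):
        print(n, check_record(line) or "complete")
    print("never logged:", coverage_gaps(SAMPLE))
```

The coverage check matters because every event type is required for both successful and unsuccessful attempts; a pair that never appears in a test run's log points to an event the system is not recording.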