Audit and Accountability
This is the third of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems, compliance. This entry covers the controls contained in the Audit and Accountability Policy and Procedures family.
What is it?
An audit is an independent review and examination of records and activities to assess the adequacy of system requirements and ensure compliance with established policies and operational procedures.
An audit trail is a record of individuals who have accessed a system as well as what operations the user has performed during a given period. Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance issues, and flaws in applications.
Audit trails may be used as a support for regular system operations, a kind of insurance policy, or both. As insurance, audit trails are maintained but not used unless needed (e.g., after a system outage). As a support for operations, audit trails are used to help system administrators ensure that the system or resources have not been harmed by hackers, insiders, or technical problems. Examples of audit and accountability requirements include: audit events, time stamps, non-repudiation, protection of audit information, audit record retention, and session audit.
How does Greenfield solve it?
Greenfield provides Audit and Accountability by utilizing a mix of first- and third-party solutions. We identify the appropriate list of auditable events to be implemented and periodically review and update them. The Greenfield environment is configured from creation to adequately protect, store, and back up audit data generated by the system and users, to retain it to support after-the-fact investigations of security incidents, and to meet regulatory and organizational information retention requirements.
Greenfield is configured to notify administrators of audit log failures within the operating system, and client administrators are responsible for responding to audit failures within their instances. Additionally, client administrators are responsible for adjusting the level of their auditing in response to changes in risk and for reviewing audit logs generated by their Greenfield account, as well as logs generated by any applications hosted in Greenfield.
Client administrators will be able to view logs utilizing a centralized logging solution complete with a means of analyzing their audit logs. The Greenfield System is configured to ensure the system protects audit information and audit tools from unauthorized access, modification, and/or deletion.