UIS.205.1T Information Security Audit Logging Implementation Guide

In support of UIS.205 Information Security Audit Logging Policy

Georgetown University has adopted the Security Audit and Accountability principles established in NIST SP 800-171 “Audit and Accountability” control guidelines as the official policy for this security domain. Each system administrator and system owner must adhere to the guidelines and procedures associated with this policy in order to support and be compliant with the University information security framework. 

  1. Audit Record  

    At a minimum, the following elements shall be identified within each audit record: 

    • Date and time when the event occurred 

    • Software/hardware component of the information system where the event occurred 

    • Source and destination network addresses 

    • Source and destination port or protocol identifiers 

    • Type of event that occurred 

    • Subject identity (e.g., user, device, process context) 

    • The outcome (i.e., success or failure) of the event 

    • Security-relevant actions associated with processing