UIS.205 Information Security Audit Log Management Policy
The Georgetown University Information Services department has adopted the Security Audit and Accountability principles established in NIST SP 800-171 “Audit and Accountability” control guidelines as the official policy for this security domain.
This policy is intended to protect information and critical resources from threats, intrusions, and misuse; to ensure business continuity; and to minimize risk to the University’s information systems, data, and its faculty, staff, and students. Audit logs include network access logs, system logs, authentication logs, or any other data which correlate a network or system activity with a user and/or time.
The system audit logging policy and supporting requirements apply to all information technology assets, systems, networks, website content and data that are owned by, managed by and/or sponsored by the University.
This policy is also applicable to the faculty, staff, researchers, affiliates, suppliers, and students who own, operate, or maintain these systems for University business, academia, and research.
Logging must be enabled at the operating system, application and database, and device levels for all University information systems that create, process, maintain, transmit, or store University data classified as restricted or private.
Audit log management ensures that there is accurate and regular collection of system information to assist in detecting security violations and unauthorized data disclosures, as well as performance problems and application flaws. These audit logs help to account for, respond to, and minimize the impact of incidents that can affect the University’s information systems. Failure to collect, protect, and make these logs available can result in the loss of data integrity, unavailability of data, and/or unauthorized use of data or information systems critical to the operation and mission of the University.
NIST 800-171 3.3 | CIS Control 6 June 2019