AU-2 Event Logging

Last Review: 10/1/22


All West Texas A&M University information resources must be capable of auditing actions of users deemed necessary by the Information Security Officer (ISO).


This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.


  • Consistent with Control SI-4 Information System Monitoring, the university shall monitor the use of information systems, maintain security-related system logs, and retain logs in accordance with the university records retention schedule.
  • Information resource custodians shall ensure that information resources have the ability to audit and establish individual accountability for any action on an information resource that can potentially cause access to, generation of, or modification of sensitive or confidential information, or affect its release.
    • Appropriate audit trails shall be maintained to provide accountability for all changes to automated security or access rules.
    • The set of events that are routinely audited should be reviewed periodically to ensure the set is still necessary and sufficient to support after-the-fact investigations.
  • Audit logs shall be monitored and/or reviewed as risk management decisions warrant. A sufficiently complete history of transactions shall be maintained to permit an audit of the information resources by logging and tracing the activities of individuals through the system.
  • Alarm and alert functions, as well as audit logging of any firewalls and other network perimeter access control systems, shall be enabled.
  • Audit reports shall be reviewed for indications of intrusive activity. All suspected and/or confirmed instances of successful intrusions shall be immediately reported according to incident management outlined in Control IR-6 Incident Reporting.