Statement

West Texas A&M University information system must protect audit information and audit tools from unauthorized access, modification, and deletion.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

• Access to all centralized audit logs shall be restricted to users with administrative permissions. This includes access to any log collection servers. Administrative permissions are controlled by the security office.
• Wherever possible log servers should issue automated alerts for any modified or deleted system log, these alerts should include at a minimum the Custodian, and ISO.