The Audit and Reporting function is used to validate that users’ access to the organization’s computing resources is controlled per the organization’s security policies.
Generic Functional Requirements
Identifying audit-worthy events, such as Add/Change/Delete to:
Administrative activities (User accounts and Access Policies)
User logins and Application access
Application services availability
Method and procedure for logging events
Logging method (SNMP, Syslog, etc.)
Server location
Analytics for consolidated event data
Dependent on the Regulatory Agency’s requirements
Standards Support and Integration Considerations
Key Design Considerations
Event data management is easier if two key principles are followed:
All sub-systems must follow a consistent event format
All events must be in ASCII to improve readability
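
One way to apply both principles, shown as an added example that is not part of the original page: every sub-system serializes events through one formatter that emits a fixed field order and escapes anything outside printable ASCII, and the collector rejects lines that deviate. The field names, category values and key="value" layout are assumptions, not a schema defined by the page.

```python
import re

# Hypothetical shared schema; the page does not define field names or values.
FIELDS = ("ts", "subsystem", "category", "action", "actor", "target", "outcome")
CATEGORIES = {"admin", "login", "app_access", "availability"}

def _esc(value):
    """Render value as printable ASCII on one line, with quotes escaped."""
    out = []
    for ch in str(value):
        cp = ord(ch)
        if ch in '"\\':
            out.append("\\" + ch)
        elif 0x20 <= cp < 0x7F:
            out.append(ch)
        else:  # control characters (CR/LF included) and non-ASCII
            out.append(("\\u%04x" if cp <= 0xFFFF else "\\U%08x") % cp)
    return "".join(out)

def format_event(event):
    """Serialize one event dict to the shared key="value" line."""
    missing = [f for f in FIELDS if f not in event]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if event["category"] not in CATEGORIES:
        raise ValueError("unknown category: %r" % event["category"])
    return " ".join('%s="%s"' % (f, _esc(event[f])) for f in FIELDS)

_PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def validate_line(line):
    """Return a list of problems; an empty list means the line conforms."""
    problems = []
    if not line.isascii() or any(c < " " or c == "\x7f" for c in line):
        problems.append("non-ASCII or control character")
    if tuple(m.group(1) for m in _PAIR.finditer(line)) != FIELDS:
        problems.append("fields differ from the shared format")
    return problems

# Constructed sample: an account-creation event whose target value contains
# a quote and a newline, which would split the record if written unescaped.
SAMPLE = {"ts": "2024-05-01T12:00:00Z", "subsystem": "idm", "category": "admin",
          "action": "add", "actor": "José", "target": 'acct"x\nts="forged"',
          "outcome": "success"}

if __name__ == "__main__":
    line = format_event(SAMPLE)
    print(line, validate_line(line))
```

Escaping at the source keeps each event on a single line, so a value containing a line break cannot appear as a second record in the consolidated data.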