IT Security Standard: Computing Devices - Logging


All Devices with Operating System Configuration Access

  • Audit logs recording user activities and information security events must be kept and reviewed as defined for this device.
  • Log information must include, but is not limited to:
    • Date/time/details of key events (e.g. log-on/log-off)
    • Use of privileged accounts (e.g. supervisor, root, administrator)
    • Successful and rejected system or user access attempts
    • System and/or application start-up and stop
    • System alerts
    • Changes to or attempts to change system security settings.
  • Log information must be protected against tampering and unauthorized access.

High Risk Enterprise Computing Devices

  • Logs must be reviewed based on the process for monitoring activity and responding to information security events.
  • Logs must be retained on a computer separate from the computing device generating the log.

All Devices

  • Retain system logs for at least 90 days but not longer than six months unless a longer retention period is needed for specific business processes.
  • Retain logs on a computer separate from the computing device generating the log.


Continue to Encryption and Configuration Audits | Return to Table of Contents

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000


Did you know?

Stay Safe Online Tips