About this requirement
Date of last update:
04/15/2024Requirement Statement
All servers on the College networks will employ secure logging that meets the following requirements per IU IT Policy IT-12
- Logging all successful system logins and failed attempts
- Logging all failed file accesses
- Logging all successful file accesses for sensitive data
- Daily reporting and review of this data
All log data will be transmitted via encrypted channels to secure central servers to ensure that data cannot be erased or altered on a local server. All log data will retained for a minimum of 60 days.
Exceptions to Requirement
Given the unique computing requirements of computing research being done within the school, systems may need to run operating systems and software not supported by the College IT Research, Infrastructure, and Support group. Such cases are governed by the IT Requirement: Administrator and Self-Managed Systems and College IT Research, Infrastructure, and Support staff will work with system managers to ensure compliance with this logging policy. Exceptions require approval of the Leader for College IT Research, Infrastructure, and Support and the Leader for College Information Security & Policy and exceptions will not be granted for any system that stores, transmits, or manipulates Institutional Data (Critical/Restricted/University-Internal) of any kind.
Procedures
The following methods are approved for use to meet the logging requirements:
UITS Log-ALERT - UITS provides a logging system approved for use by IU Audit which is managed per Log-ALERT with Elastic