Difference between revisions of "Audit trail"
Shawndouglas (talk | contribs) m (Added cat) |
Shawndouglas (talk | contribs) (Updated and added to content) |
||
Line 1: | Line 1: | ||
An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web |url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf |title=National Information Assurance (IA) Glossary |publisher=Committee on National Security Systems |pages=4 |date= | An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web |url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf |archiveurl=https://web.archive.org/web/20120415010047/http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf |format=PDF |title=National Information Assurance (IA) Glossary |publisher=Committee on National Security Systems |pages=4 |date=26 April 2010 |archivedate=15 April 2012 |accessdate=05 January 2022}}</ref><ref>{{cite web |url=http://www.atis.org/glossary/definition.aspx?id=5572 |archiveurl=https://web.archive.org/web/20130313232104/https://www.atis.org/glossary/definition.aspx?id=5572 |title=ATIS Telecom Glossary 2012 - audit trail |publisher=ATIS Committee PRQC |date=2012 |archivedate=13 March 2013 |accessdate=05 January 2022}}</ref><ref name="NISTAuditTrail">{{cite web |url=https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul1997-03.txt |format=TXT |title=Audit Trails |publisher=National Institute for Standardization |date=March 1997 |accessdate=05 January 2022}}</ref> It may be composed of manual or computerized records of events and [[information]], or both. | ||
An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book |title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks |author=Brancik, Kenneth C. |chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls |year=2007 |pages=18–19 |publisher=CRC Press |url= | An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book |title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks |author=Brancik, Kenneth C. |chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls |year=2007 |pages=18–19 |publisher=CRC Press |url=https://books.google.com/books?id=lsDngU-RUywC&hl |isbn=1420046594}}</ref> | ||
Audit trails are recommended or mandated in various guidance, standards, and regulations, including: | |||
* 21 CFR Part 211: mentioned at various points, including at section 68, 100, 160, 188, and 194<ref name="FDA21CFRPart211">{{cite web |url=https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=211 |title=Code of Federal Regulations Title 21 Part 211 Current Good Manufacturing Practice for Finished Pharmaceuticals |publisher=U.S. Food and Drug Administration |date=01 October 2021 |accessdate=05 January 2022}}</ref> | |||
* [[ASTM E1578]]: "The laboratory informatics solution should have validated electronic audit trails that record information about each transaction, both for initial entries as well as modifications to entries."<ref name="ASTME1578-18">{{cite web |url=https://www.astm.org/e1578-18.html |title=ASTM E1578-18 Standard Guide for Laboratory Informatics |publisher=ASTM International |date=23 August 2019 |accessdate=05 January 2022}}</ref> | |||
* CJIS Security Policy: "...shall produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events"<ref name="CJISSec20">{{cite web |url=https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center |title=Criminal Justice Information Services (CJIS) Security Policy |publisher=U.S. Department of Justice |date=01 June 2020 |accessdate=05 January 2022}}</ref> | |||
* E.U. Commission Directive 2003/94/EC: "... and audit trails shall be maintained"<ref name="OJEU2003_94_EC">{{cite web |url=https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:262:0022:0026:en:PDF |format=PDF |title=Commission Directive 2003/94/ED |work=Official Journal of the European Union |date=08 October 2003 |accessdate=05 January 2022}}</ref> | |||
* [[ISO 15189]]: "Ensures the integrity of the data and information and includes the recording of system failures and the appropriate immediate and corrective actions" and is "in compliance with national or international requirements regarding data protection"<ref name="ISO15189">{{cite web |url=https://www.iso.org/standard/56115.html |title=ISO 15189:2012 Medical laboratories — Requirements for quality and competence |publisher=International Organization for Standardization |date=November 2012 |accessdate=05 January 2022}}</ref> | |||
* NIST SP 800-53 Rev. 5: "Ensure that audit records contain information that establishes" a variety of "indicators of event success or failure"<ref name="NIST800-53Rev5">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf |format=PDF |title=NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations |publisher=National Institute of Standards and Technology |date=September 2020 |accessdate=05 January 2022}}</ref> | |||
==References== | ==References== | ||
{{Reflist|colwidth=30em}} | |||
<!---Place all category tags here--> | <!---Place all category tags here--> | ||
[[Category:Regulatory terms]] | [[Category:Regulatory terms]] |
Latest revision as of 23:14, 5 January 2022
An audit trail is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.[1][2][3] It may be composed of manual or computerized records of events and information, or both.
An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.[4]
Audit trails are recommended or mandated in various guidance, standards, and regulations, including:
- 21 CFR Part 211: mentioned at various points, including at section 68, 100, 160, 188, and 194[5]
- ASTM E1578: "The laboratory informatics solution should have validated electronic audit trails that record information about each transaction, both for initial entries as well as modifications to entries."[6]
- CJIS Security Policy: "...shall produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events"[7]
- E.U. Commission Directive 2003/94/EC: "... and audit trails shall be maintained"[8]
- ISO 15189: "Ensures the integrity of the data and information and includes the recording of system failures and the appropriate immediate and corrective actions" and is "in compliance with national or international requirements regarding data protection"[9]
- NIST SP 800-53 Rev. 5: "Ensure that audit records contain information that establishes" a variety of "indicators of event success or failure"[10]
References
- ↑ "National Information Assurance (IA) Glossary" (PDF). Committee on National Security Systems. 26 April 2010. pp. 4. Archived from the original on 15 April 2012. https://web.archive.org/web/20120415010047/http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf. Retrieved 05 January 2022.
- ↑ "ATIS Telecom Glossary 2012 - audit trail". ATIS Committee PRQC. 2012. Archived from the original on 13 March 2013. https://web.archive.org/web/20130313232104/https://www.atis.org/glossary/definition.aspx?id=5572. Retrieved 05 January 2022.
- ↑ "Audit Trails" (TXT). National Institute for Standardization. March 1997. https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul1997-03.txt. Retrieved 05 January 2022.
- ↑ Brancik, Kenneth C. (2007). "Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls". Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks. CRC Press. pp. 18–19. ISBN 1420046594. https://books.google.com/books?id=lsDngU-RUywC&hl.
- ↑ "Code of Federal Regulations Title 21 Part 211 Current Good Manufacturing Practice for Finished Pharmaceuticals". U.S. Food and Drug Administration. 1 October 2021. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=211. Retrieved 05 January 2022.
- ↑ "ASTM E1578-18 Standard Guide for Laboratory Informatics". ASTM International. 23 August 2019. https://www.astm.org/e1578-18.html. Retrieved 05 January 2022.
- ↑ "Criminal Justice Information Services (CJIS) Security Policy". U.S. Department of Justice. 1 June 2020. https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center. Retrieved 05 January 2022.
- ↑ "Commission Directive 2003/94/ED" (PDF). Official Journal of the European Union. 8 October 2003. https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:262:0022:0026:en:PDF. Retrieved 05 January 2022.
- ↑ "ISO 15189:2012 Medical laboratories — Requirements for quality and competence". International Organization for Standardization. November 2012. https://www.iso.org/standard/56115.html. Retrieved 05 January 2022.
- ↑ "NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations" (PDF). National Institute of Standards and Technology. September 2020. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf. Retrieved 05 January 2022.