This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Admin - Security AU-02 - Audit Events #258
Assignees
Comments
|
For now we do not think any events in Talent Cloud need special handling for audit records. |
|
Nevermind, this is actually just a decision of what needs to be auditable based on the staffing process. We should start a conversation with departmental HR to see if there's a buisiness need for us to audit anything at this time. Because HR is still accountable for this, we think there will be minimal requirements on Talent Cloud for auditing. Will confirm. |
|
Check to see if the database can do audit triggers. |
|
Preliminary audit logs are there. Need to tell TBS infrastructure to start collecting them and review what is being logged. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Investigate if applying to a job should be an auditable event
(A) The organization determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events].
(B) The organization coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events.
(C) The organization provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents.
(D) The organization determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
Required for Completion
The text was updated successfully, but these errors were encountered: