LOG-2 Logging of Administrative actions

What is LOG-2 Logging of Administrative Actions Control about?

Logging of Administrative Actions Control is a vital part of enterprise monitoring.

Privileged access comes with great responsibility. Each organization must monitor such access, and the logging and review of administrative actions is one way to do it.

Available tools in the marketplace

Tools:

No tool recommendation is made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• N/A: Each system is different. Refer to the evidence example.

Control implementation

To implement this control,

Enable an audit trail on all systems if possible; however, you can focus on critical systems first and work your way up. Ensure the following are enabled:

1. Tailor the audit trail to capture administrative actions.
2. Restrict the audit trail read/edit abilities to a select few.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide a screenshot of the audit trail configuration settings showing all the items being captured.
2. Provide a screenshot of the audit trail configuration settings showing that administrative actions are captured.
3. Provide evidence that the audit trail is restricted to a select few.

Evidence example

For the suggested action, an example is provided below:

1. Provide a screenshot of the audit trail configuration settings showing all the items being captured.
   The following screenshot shows the action tracked over a period of time.
   
2. Provide a screenshot of audit trail configuration settings showing that administrative actions are captured.
   The following screenshot shows the types of actions being tracked.
   
3. Provide evidence that the audit trail is restricted to a select few.
   The following screenshot shows the various user roles and who can see the user’s activity.