LOG-2 Logging of Administrative actions

What is this control about?

Do you have a way to track and monitor any actions taken by a user with privilege access to each system?

Privileged access comes with great responsibility. Each organization must monitor such access and the logging and review of administrative actions is one way to do it.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• N/A – Each system is different. Refer to the artifact example

Control implementation

Enable audit trail on all systems if possible, however, you can focus on critical systems first and work your way up. Ensure the following are enabled:

• Tailor the audit trail to capture administrative actions
• Restrict the audit trail read/edit abilities to a select few

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide screenshot of audit trail configuration settings showing all the items being captured
• Provide screenshot of audit trail configuration settings showing that administrative actions are captured
• Provide evidence that the audit trail is restricted to a select few

Evidence example

From the suggested action above, an example is provided below.

1.    Provide a screenshot of audit trail configuration settings showing all the items being captured.

Example screenshot show the action tracked for a period of time

2. Provide a screenshot of audit trail configuration settings showing that administrative actions are captured.

Evidence shows the type of actions being tracked

3. Provide evidence that the audit trail is restricted to a select few.

Evidence shows the various user roles and who can see user’s activity