1. Applications shall ensure their role-based access control implementations enforce separation of duties and least privilege. Two examples of duty separation are:
a. Personnel that review and clear audit logs and personnel that perform non-audit administration, and
b. Personnel that create, modify and delete access control rules and personnel that perform either data entry or application programming.
2. For Windows systems, the NTFS file permissions should be: System - Full Control; Administrators and Application Administrators - Read; Auditors - Full Control.
3. For Unix systems, use the ls -la (or equivalent) command to check the permissions of the audit log files. Excessive permissions shall not exist.
4. Digital signatures and encryption shall be used for ensuring integrity and preserving confidentiality of audit trail data.
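
One way to make the Unix check in item 3 repeatable is shown below. This is an added example, not part of the original requirement text. The baseline it enforces (owner read/write, group read, nothing for other) and the function names are assumptions, since the requirement does not define "excessive".

```shell
#!/bin/sh
# Added example. Assumed baseline (not from the policy text): audit logs
# are at most rw for owner and r for group, with nothing for "other".

# audit_log_findings DIR
# Prints `ls -la` lines for every regular file under DIR that exceeds the
# baseline, plus any directory that is group- or world-writable (write
# access to a directory allows deleting or replacing logs regardless of
# the mode on the log files themselves).
audit_log_findings() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -MODE is true when every bit in MODE is set (POSIX find).
    # 0020 = group write; 0004/0002/0001 = other read/write/execute.
    find "$dir" -type f \
        \( -perm -0020 -o -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec ls -la {} +
    find "$dir" -type d \( -perm -0020 -o -perm -0002 \) -exec ls -lad {} +
}

# check_audit_logs DIR
# Return status 0: nothing excessive; 1: findings printed;
# 2: DIR missing or not fully readable.
check_audit_logs() {
    findings=$(audit_log_findings "$1") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example invocation (path is a placeholder for the application's log dir):
#   check_audit_logs /path/to/audit/logs || echo "excessive permissions found"
```
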