Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
In some instances, DoD may require customized application-related events to be logged. The application server must have the capability to include organization-defined detailed information in the audit records for audit events.
An example of detailed information that DoD may require in audit records is full-text recording of privileged commands or the individual identities of group account users.
The application server (AS) hosts multiple applications with varying features and capabilities while providing a limited set of management functions. This requirement is better met by applying it to the application residing on top of the AS rather than the AS itself.