All mission-critical and high risk Agency information resources shall forward all audit logs to the Agency's security information and event management (SIEM) system for review, analysis, and reporting.
Information security events are not reported.
The information system provides an audit reduction and report generation capability that:
a. Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and
b. Does not alter the original content or time ordering of audit records.
Audit records cannot be altered by administrators.
No statewide control
Obtain audit and accountability policy; procedures addressing audit reduction and report generation; information system design documentation; audit reduction, review, and reporting tools; and associated documentation ;other relevant documents or records and ascertain if:
(I) the information system provides audit reduction and report generation tools that support after-the-fact investigations of security incidents without altering original audit records.
(ii)the information system provides the capability to automatically process audit records for events of interest based upon selectable, event criteria.
