dvstans
commented
3 years ago From J. Morgan:
The NIST Control is pretty generic when talking about auditable events.
“Identify the types of events that the system is capable of logging in support of the audit function [organization-defined events].
What ORNL has decided is any event that is considered “security significant” should be captured. The way I’ve always looked at the term is if the event could cause a security degradation to the system or application (Clear as mud). An example would be we (cyber) would like to know if an admin turned off an audit function say for logging invalid logins. If you would like to discuss in more detail, please let me know, I’ll gladly set some time aside to assist.
Need to add logging to comply with OLCF production requirements. Need to define exact requirements for this.