The responsible identity team should be able to track all actions taken by a certain Identy, with full name, timestamp, action performed (eventID), and the network origin/device used to perform the action.
The logs should be accesible and searchable including data from the last 90 days.
A log archive from the last year should also be possible to restore for audit purposes.
Adhering to the Security by design pattern:
The responsible identity team should be able to track all actions taken by a certain Identy, with full name, timestamp, action performed (eventID), and the network origin/device used to perform the action. The logs should be accesible and searchable including data from the last 90 days.
A log archive from the last year should also be possible to restore for audit purposes.