Login security control: Audit events

[srtalbot]

Instructions:

Link to the SRTM cell for each control is provided below. In each check list item it will identify the disciplines involved and provide links to the documentation that needs to be updated.

Acceptance criteria

Must

• [x] AU-3 log login actions, including: User ID, successful login, unsuccessful login, number of consecutive unsuccessful logins, timestamp and date of when event occurred, and the IP address.
• [ ] AU-4 and AU-11 Ensure the audit records are stored for [input form policy]

Should

• [ ] AU-6 Schedule an audit log review with ISTS in 6 months. In review look for inappropriate or unusual activity.

[srtalbot]

@sarahhobson - need input from policy on log retention time. cc: @bryan-robitaille

[sarahpiovesana]

Could someone confirm if these logs only contain information about public servants that use the product?

[srtalbot]

We shouldn't be logging any end-user actions here - @jeberhardt @falila , could you confirm that's your understanding as well?

[srtalbot]

Please update this link with the audit information.

[srtalbot]

@craigzour, @bryan-robitaille - can you please update the link above with the logging information? Please provide code snippets showing that we capture the above logs.