Closed godfreykutumela closed 3 years ago
PI 11 Backlog
Task 1 - Extract audit logs from Mojaloop services and analyze them for audit logging adequacy :
Findings:
Task 2 - Explore Data Protection Standard for Data at Rest: Data at rest is static data stored on hard drives that is archived or not often accessed or modified.
Data protection standard will involve access controls for the specific areas where data is stored in Mojaloop applications and infrastructure.
Recommended standards for non log information
The following protective controls are recommended for Mojaloop data at rest:
Findings from Log Analysis of Mojaloop logs:
Recommendations for audit logging in Mojaloop
Audit logs create records that help you track access to the Mojaloop environment. Therefore, a complete audit log needs to include, at a minimum all or a combination of:
OSS Audit logging Standard.docx
Thanks @rasputtintin I moved the story to final review.
Made minor updates to document to add details of importance of Audit logging to the Mojaloop switch implementation:
Importance of Audit Logs Audit logging provides a historical account of all activities done by actors within a Mojaloop ecosystem. It will help Mojaloop implementations in the following ways:
Goal:
The objective is to look at compliance to best practice standards with regards to audit logging within a Mojaloop implementation. We shall investigate the following:
Tasks:
Acceptance Criteria:
Dependencies:
Accountability: