Log Management Policy

This log management and review policy specifies that information systems must generate, store, process, and aggregate appropriate audit logs across the Netspective Communications LLC’s entire environment to provide key information and detect indicators of potential compromise.

1. Netspective Communications LLC shall make it a requirement for all production systems to record and retain audit-logging information.

Activities performed on the system

User Activities performed on the system

2. Netspective Communications LLC must log specific activities, which include, at a minimum:

• Creating, reading, updating, or deleting information (including authentication information such as usernames or passwords).
• Accepting or initiating network connections (Network Logs). [FII-SCF-007-MON-01.7]

Network Log

• Systems and networks should authenticate and authorize users, and log such activities (application logs). [FII-SCF-012-IAC-07.1]

Application logs

• Access logs should record when access rights are granted, modified, or revoked, including when a new user or group is added, user privileges are changed, file permissions or database object permissions are changed, firewall rules are changed, or passwords are changed.
• Configuration changes audit trails should record changes made to system, network, or service configurations, including software installations, patches, updates, or other changes to installed software.
• Applications should log any abnormal termination, failure, or abortion of a process, particularly due to resource depletion, exceeding resource limits or thresholds (such as CPU, memory, network connections, network bandwidth, disk space, or other resources), network service failures like DHCP or DNS, or hardware faults.
• IDS/IPS and/or firewall logs should detect suspicious and/or malicious activity from a security system, such as an Intrusion Detection or Prevention System (IDS/IPS), antivirus system, or anti-spyware system. [FII-SCF-007-MON-01.1]

3. Netspective Communications LLC must aggregate all logs in a central system to enable correlating, analyzing, and tracking activities across different systems for similarities, trends, and cascading effects. Log aggregation systems should have automatic and timely log ingestion, event and anomaly tagging and alerting, and the ability for manual review. [FII-SCF-012-IAC-04]

4. Netspective Communications LLC must review logs manually on a regular basis, including: [FII-SCF-007-MON-01.6]

   • Reviewing the activities of users, administrators, and system operators at least once a month.
   • Reviewing logs related to PII at least once a month to identify unusual behavior.