Policy Number: 12-005
Category: Information Technology
Responsible Executive: Vice President and Chief Information Officer
Responsible Office: Information Technology
To provide accurate and comprehensive audit logs in order to detect and react to inappropriate access to, or use of, information systems or data.
This policy applies to all Information Systems that store, process or transmit University Data.
Information System means an individual or collection of computing and networking equipment and software used to perform a discrete business function. Examples include the eLearning System, Student Information System, the EPIC electronic medical records system, a lab system and associated PC or the set of desktop computers used to perform general duties in a department.
University of Florida Datameans data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities. The terms ‘data’ and ‘information’ are used interchangeably in the context of the information security program.
4.1. Access to Information Systems and data, as well as significant system events, must be logged by the Information System.
4.2. Information System audit logs must be protected from unauthorized access or modification.
4.3. Information System audit logs must be retained for an appropriate period of time, based on the Document Retention Schedule and business requirements. Audit logs that have exceeded this retention period should be destroyed according to UF document destruction policy.
University Regulation 1.0102: Policies on Information Technology and Security
University of Florida Records Retention Schedules
NIST 800-53 revision 5: AU-2, AU-3, AU-4, AU-5, AU-6, AU-7, AU-8, AU-10, AU-11, AU-12
Additional Resources
Standard Number: SEC-TS-006.01
Standard Family: Information Security
Standard Category: Technical Security
Effective: 3-7-2017, Amended 7-18-2024 (substantive)
Purpose:
In order for Information Technology activity and audit logs to be useful, they must record sufficient information to serve the operational needs, preserve accountability, and detect malicious activity. This standard defines these events and content.
Standard:
- All information systems will produce audit records for at least the following events:
- System startup and shutdown
- User logon and logoff
- Privilege escalation
- Account creations, changes or deletions
- Password changes
- Information systems should produce audit records for the following event types, depending on system capabilities:
- Starting and stopping of processes and services
- Installation and removal of software
- System alerts and error messages
- System administration activities
- Access to and modification of Restricted Data
- Log records will include at least the following elements:
- Identifier of the system that generated the event
- Timestamp of the event
- The action or type of event and any relevant data
- Success or failure of the action
- The user associated with the event
- Remote address, if the event occurs over a network connection
History
History: New 3-7-2017,Amended 7-18-2024 (administrative)
