Title

E-mail audit trails are not reviewed daily. (Cat III impact)

Discussion

Access to E-mail services and software is logged to establish a history of actions taken in the system. Unauthorized access or use of the system could indicate an attempt to bypass established permissions. Reviewing the log history can lead to discovery of unauthorized access attempts. Reviewing the logs daily helps to ensure that prompt attention is given to any suspicious activities discovered therein.

Check Content

Interview the IAO. Review the audit trail review procedures in the System Security plan. The procedures should include evidence of the occurence and frequency of reviews. Also review the evidence of review results. Criteria: If Audit trail review procedures and evidence of reviews exist, this is not a finding.

Fix Text

Procedure: Develop and implement procedures to review audit records daily. Include procedures for response to indications of access by unauthorized usage.

Additional Identifiers

Rule ID: SV-20654r1_rule

Vulnerability ID: V-18869

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.