ACP 185
UNCLASSIFIED<br />
ANNEX A TO<br />
<strong>ACP</strong> <strong>185</strong><br />
1.31 Audit Logging Procedures<br />
1.31.1 Types of Events Recorded<br />
All NDPKIs shall audit the system to ensure that the trust and integrity of the PKI is maintained.<br />
This may include, but is not limited to, certificate lifecycle operations, physical and logical access<br />
(successful and failed) to NDPKI assets such as CAs, authorised repositories, and RA<br />
workstations, changes to the configuration of these systems, functions performed on the audit<br />
log, security relevant changes to the platform and PKI applications, and requests made to the<br />
system and responses to those requests.<br />
For each event the following minimum information shall be recorded:<br />
• Type of event.<br />
• Date and time of event.<br />
• Identity of entity causing event and that of those handling it.<br />
• The success or failure (along with reason for failure) of the event.<br />
CSAs are not required to log requests for revocation status or the responses to those requests.<br />
1.31.2 Frequency of Processing Log<br />
Audit logs shall be reviewed periodically at least six times a year for anomalous and<br />
unauthorised events in accordance with the NDPKI policies.<br />
1.31.3 Retention Period for Audit Log<br />
Security audit logs shall be available onsite for at least 2 months or until review, then offsite as<br />
archive records in accordance with National Defence regulations. Audit data can only be deleted<br />
from a system after it has been archived.<br />
1.31.4 Protection of Audit Log<br />
Audit data shall not be open for modification by any person or automated system process, other<br />
than those performing the security audit function.<br />
NDPKI system and configuration procedures shall be in place to protect the electronic audit log<br />
system and audit information captured electronically or manually from unauthorised viewing,<br />
modification, deletion or destruction.<br />
Uncontrolled copy when printed<br />
1.31.5 Audit Log Backup Procedures<br />
Audit logs and audit summaries shall be backed up. A copy of the audit log shall be sent off-site.<br />
1.31.6 Audit Collection System (Internal vs. External)<br />
The audit collection system shall be in accordance with National Defence regulations.<br />