CA-7 Continuous Monitoring

Control: Monitor the security controls in the system on an ongoing basis.

Illustrative Controls and TIBCO LogLogic Solution

A logging and monitoring function enables the early detection of unusual or abnormal activities that might need to be addressed. Administrators must ensure that IT security implementation is tested and monitored proactively. IT security should be reaccredited periodically to ensure the approved security level is maintained.

Access to the logging information is in line with business requirements in terms of access rights and retention requirements. IT security administration must monitor and log security activity, and identify security violations to report to senior management. This control directly addresses the issues of timely detection and correction of data modification.

To satisfy this requirement, administrators must review the user access logs on a regular, weekly basis for any access violations or unusual activity. Administrators must periodically, such as daily or weekly, review reports that show user access to servers related to the FISMA process. Review of these reports must be shown to auditors to satisfy this requirement.

In addition, administrators must ensure that all relevant log sources are logging properly to a centralized log management system. TIBCO LogLogic’s solution is developed from the ground up to be a regulatory compliance solution. All log messages, once received by the appliances, are transferred through TCP to ensure reliability. To ensure that no files are tampered with, all log files stored on the ST appliances have a separate MD5 signature, stored away from the file.
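The detached-digest check described above can be illustrated with the following added example, which is not TIBCO LogLogic code. The manifest layout ("digest  filename" lines), the file names and the function names are assumptions made for the illustration; MD5 is used because it is the digest the text names.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # stream large logs
            h.update(block)
    return h.hexdigest()

def write_manifest(log_dir, manifest):
    """Record one 'digest  filename' line per log file, kept outside log_dir."""
    lines = [f"{md5_of(p)}  {p.name}" for p in sorted(Path(log_dir).iterdir())]
    Path(manifest).write_text("\n".join(lines) + "\n")

def verify(log_dir, manifest):
    """Return {filename: 'ok' | 'modified' | 'missing' | 'unexpected'}."""
    rows = (l.split("  ", 1) for l in Path(manifest).read_text().splitlines())
    expected = {name: digest for digest, name in rows}
    status = {}
    for name, digest in expected.items():
        path = Path(log_dir) / name
        if not path.is_file():
            status[name] = "missing"      # deleted after signing
        else:
            status[name] = "ok" if md5_of(path) == digest else "modified"
    for p in Path(log_dir).iterdir():
        status.setdefault(p.name, "unexpected")  # present but never signed
    return status

def demo():
    """Constructed sample: sign three logs, then edit one, delete one, add one."""
    with tempfile.TemporaryDirectory() as logs, tempfile.TemporaryDirectory() as sigs:
        logs, manifest = Path(logs), Path(sigs) / "digests.md5"
        (logs / "auth.log").write_text("login ok user=alice\n")
        (logs / "sudo.log").write_text("sudo user=bob cmd=ls\n")
        (logs / "ftp.log").write_text("ftp connect 10.0.0.5\n")
        write_manifest(logs, manifest)
        with open(logs / "auth.log", "a") as f:
            f.write("login ok user=carol\n")     # change made after signing
        (logs / "ftp.log").unlink()
        (logs / "new.log").write_text("unsigned entry\n")
        return verify(logs, manifest)

if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:10} {name}")
```

Any status other than "ok" is the kind of finding a periodic review would record and escalate.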

Reports and Alerts

Use the following reference to see the CA-7 reports and alerts: CA-7.