11.2.1 User Registration
All users (internal, external and temporary) and their activity on IT systems (business application, system operation, development and maintenance) should be uniquely identifiable. Ensuring all users have uniquely identifiable IDs ensures that accurate and complete audit trails can be maintained. Deficiencies in this area can significantly impact accountability. For example, users logging in using shared IDs can modify files and documents. This can prevent future audits to identify who has modified the data.
To satisfy this requirement, administrators must ensure all logins are not shared. Administrators must review the ID list to identify IDs that may be a generic ID and question who is using it and why it is there.
Administrators can review the time and sources of the logins to determine whether they overlap. If the time overlap and sources are different, that should indicate a shared (or generic) ID. Administrators must also validate that attempts to gain unauthorized access to reporting systems and subsystems are logged and are followed up on a timely basis.
Reports and Alerts
Use the following link/reference to see the 11.2.1 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.