10.10.4 Administrative and Operator Logs

Illustrative Controls and TIBCO LogLogic Solution

All users (internal, external and temporary) and their activity on IT systems (business application, system operation, development and maintenance) must be uniquely identifiable. Administrators and root users must never directly access system components, as these accounts are generally shared and difficult to track back to a specific individual. Instead, these users should access these components using commands such as sudo or su or, in the Windows environment, be assigned to an administrative group. This setup allows individuals’ actions to be tracked.

To satisfy this requirement, administrators must ensure that no logins are shared. Administrators must review the ID list to identify any IDs that might be generic, and question who is using each one and why it exists.
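The review described above, sketched as an added example (not part of the TIBCO documentation or product): it separates privileged actions that sudo or su attributes to a named person from direct logins with a shared or generic ID. The log lines are constructed samples in common OpenSSH/sudo syslog style, and the `GENERIC_IDS` list and `review` function are hypothetical names chosen for illustration.

```python
import re

# Constructed sample lines (not real data), OpenSSH / sudo / su syslog style.
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
Mar  3 09:12:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 09:30:17 web01 sshd[2290]: Accepted password for root from 192.0.2.44 port 50888 ssh2
Mar  3 10:02:05 web01 su: (to root) bob on pts/1
Mar  3 10:15:33 web01 sshd[2350]: Accepted password for admin from 192.0.2.44 port 50990 ssh2
"""

# Assumption: a site-specific list of shared/generic account names to question.
GENERIC_IDS = {"root", "admin", "administrator", "oracle", "test", "guest"}

SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
SUDO_CMD = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")
SU_SWITCH = re.compile(r"su(?:\[\d+\])?: \(to (\S+)\) (\S+) on")


def review(log_text, generic_ids=GENERIC_IDS):
    """Return (attributable privileged actions, shared-ID login findings)."""
    attributable, findings = [], []
    for line in log_text.splitlines():
        if m := SSH_LOGIN.search(line):
            _method, user, src = m.groups()
            # A direct login as a generic ID cannot be tied to one person.
            if user.lower() in generic_ids:
                findings.append({"user": user, "source": src,
                                 "reason": "direct login with shared/generic ID"})
        elif m := SUDO_CMD.search(line):
            person, target, command = m.groups()
            attributable.append({"person": person, "as": target, "action": command})
        elif m := SU_SWITCH.search(line):
            target, person = m.groups()
            attributable.append({"person": person, "as": target, "action": "su"})
    return attributable, findings


if __name__ == "__main__":
    actions, findings = review(SAMPLE_LOG)
    for a in actions:
        print("ATTRIBUTED", a)
    for f in findings:
        print("QUESTION  ", f)
```
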

Reports and Alerts

Use the following link/reference to see the 10.10.4 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.