Documentation
HECVAT Full v3.0.6
Authentication, Authorization, and Accounting
AAAI-18

Question AAAI-18

Describe or provide a reference to the (a) system capability to log security/authorization changes as well as user and administrator security events (i.e., physical or electronic), such as login failures, access denied, changes accepted, and (b) all requirements necessary to implement logging and monitoring on the system. Include (c) information about SIEM/log collector usage.

Weight: 25
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

Ensure that all elements of AAAI-18 are clearly stated in your response.

Answering "NO"

EDUCAUSE provides no guidance here

Answering "YES"

EDUCAUSE provides no guidance here

Reason for Question

Strong logging capabilities are vital to the proper management of a system. Implementing an immature system that lacks sufficient logging capabilities exposes an institution to great risk. Depending on your risk tolerance and the use case, your institution may or may not be concerned. The focus of this question is system-related logs (including but not limited to events, state changes, control modification, etc.).

Follow-Up Inquiries

If a weak response is given to this question, it is appropriate to ask directed questions to get specific information. Target the questions so that responses come from the appropriate party within the vendor.
