Question FIDP-11
Are audit logs available for all changes to the network, firewall, IDS, and IPS systems?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to implement auditing capabilities for your network, firewall, IDS, and/or IPS.
Answering "YES"
Describe your current network systems logging strategy.
Reason for Question
Strong logging capabilities are vital to the proper management of a network. Implementing an immature system that lacks sufficient logging capabilities exposes an institution to great risk.
Follow-Up Inquiries
If a weak response is given to this answer, it is an indicator that a nontechnical representative populated the document and response scrutiny should be increased.
If a vendor does not answer appropriately, a follow-up request to have the question fully answered is appropriate.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]