Information Technology Services

Audit Policy

I. OBJECTIVE & PURPOSE

To provide accurate and comprehensive audit logs in order to detect and react to inappropriate access to, or use of, University of North Florida information systems or data.

II. STATEMENT OF POLICY

Access to Information Systems and data, as well as significant system events, must be logged by the Information System.

Information System audit logs shall, at a minimum:

  • be protected from unauthorized access or modification
  • be retained for an appropriate period of time, based on the business requirements and applicable records retention requirements, but in no case for less than six months
  • record, at a minimum:
    • successful and unsuccessful login or authorization attempts
    • critical system events
    • the IP address or other network address a login or authorization attempt originates from
    • full time and date stamp of all logged events
    • system start-ups and shut-downs
    • logging start-ups and shut-downs
    • exceptions and security events

For systems containing or processing sensitive data, additional logging requirements apply. In such cases, the audit logs shall record, in addition to the above requirements:

  • individual user accesses to sensitive information
  • actions taken by any individual with administrative privileges
  • access to audit trails
  • use of and changes to identification and authentication mechanisms (including but not limited to creation of new accounts and elevation of privileges) and all changes, additions, or deletions to accounts with administrative privileges
  • initialization, stopping, or pausing of the audit logs
  • creation and deletion of system level objects