| DOE-STD-4001-2000
C2.2.10.4. RMAs shall control access to audit functions based upon user account information.
C2.2.11. System Audits
C2.2.11.1. RMA audit utilities shall provide an account of records capture, retrieval,
and preservation activities to assure the reliability and authenticity of a record.
C2.2.11.2. RMA audit utilities shall provide a record of transfer and destruction
activities to facilitate reconstruction, review, and examination of the events surrounding or leading
to mishandling of records, possible compromise of sensitive information, or denial of service.
C2.2.11.3. RMAs shall provide the capability to store audit data as a record.
C2.2.11.4. The following audit information shall be reported on demand:
C2.2.11.4.1. Total Number of Records.
C2.2.11.4.2. Number of Records by Record File Code.
C2.2.11.4.3. Number of Accesses by File Code.
C2.2.11.5. The following audit information shall be logged for each delete operation:
C2.2.11.5.1. Record Identifier.
C2.2.11.5.2. File Code.
C2.2.11.5.3. User Account Identifier.
C2.2.11.5.4. Date/Time.
C2.2.11.5.5. Authorizing Individual Identifier (if different from User Account Identifier).
C2.2.11.6. RMAs shall allow only authorized individuals to enable/disable the audit
functions and to back up and remove audit files from the system.
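The following is an added example, not part of the standard: a sketch of how an RMA could log the C2.2.11.5 fields for each delete operation and produce the C2.2.11.4 on-demand counts. The SQLite schema, the function names, and the sample records are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE records (record_id TEXT PRIMARY KEY, file_code TEXT NOT NULL);
-- file_code is copied into access_log so access counts survive record deletion
CREATE TABLE access_log (record_id TEXT, file_code TEXT NOT NULL, user_id TEXT NOT NULL);
CREATE TABLE delete_audit (
    record_id     TEXT NOT NULL,  -- C2.2.11.5.1 Record Identifier
    file_code     TEXT NOT NULL,  -- C2.2.11.5.2 File Code
    user_id       TEXT NOT NULL,  -- C2.2.11.5.3 User Account Identifier
    ts            TEXT NOT NULL,  -- C2.2.11.5.4 Date/Time (UTC, ISO 8601)
    authorizer_id TEXT            -- C2.2.11.5.5, NULL when same as user_id
);
"""

def build_sample():
    """Create an in-memory store holding constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO records VALUES (?, ?)",
                   [("R-001", "FC-100"), ("R-002", "FC-100"), ("R-003", "FC-200")])
    db.executemany("INSERT INTO access_log VALUES (?, ?, ?)",
                   [("R-001", "FC-100", "jdoe"), ("R-002", "FC-100", "asmith"),
                    ("R-003", "FC-200", "jdoe")])
    db.commit()
    return db

def delete_record(db, record_id, user_id, authorizer_id=None):
    """Delete a record and write its audit row in the same transaction."""
    with db:  # commits both statements, or rolls both back on error
        row = db.execute("SELECT file_code FROM records WHERE record_id = ?",
                         (record_id,)).fetchone()
        if row is None:
            raise KeyError(record_id)
        # The authorizer is stored only when it differs from the deleting user.
        auth = authorizer_id if authorizer_id not in (None, user_id) else None
        db.execute("INSERT INTO delete_audit VALUES (?, ?, ?, ?, ?)",
                   (record_id, row[0], user_id,
                    datetime.now(timezone.utc).isoformat(), auth))
        db.execute("DELETE FROM records WHERE record_id = ?", (record_id,))

def audit_report(db):
    """Return the three on-demand counts listed in C2.2.11.4."""
    by_code = "SELECT file_code, COUNT(*) FROM {} GROUP BY file_code"
    return {
        "total_records": db.execute("SELECT COUNT(*) FROM records").fetchone()[0],
        "records_by_file_code": dict(db.execute(by_code.format("records"))),
        "accesses_by_file_code": dict(db.execute(by_code.format("access_log"))),
    }
```

Writing the audit row and the delete in one transaction means a delete cannot succeed without its audit entry, and a failed delete leaves no misleading entry behind.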
C2.2.12. System Management Requirements
The following are functions typically provided by the operating system or a DBMS: (They are also
considered requirements to ensure the integrity and protection of organizational records. They
shall be implemented as part of the overall records management system even though they may be
performed externally to an RMA.)
C2.2.12.1. Backup of Stored Records. The RMA system shall provide the capability,
as determined by the Agency, to automatically create backup or redundant copies of the records
as well as their metadata. (36 CFR 1234.28, reference 2.m)
C2.2.12.2. Storage of Backup Copies. The method used to back up RMA data base
files shall provide copies of the data that can be stored off-line and at separate location(s) to
safeguard against loss of records, record profiles, and other records management information due
to system failure, operator error, disaster, or willful destruction. (36 CFR 1234.30, reference 2.n)