https://wiki.idesg.org/index.php?action=history&feed=atom&title=Secure_Req_15Secure Req 15 - Revision history2026-05-01T09:53:25ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Secure_Req_15&diff=6600&oldid=prevOmaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:03:35Z<p>7 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== SECURE-15. SECURITY AUDITS ==<br />
Entities MUST conduct regular audits of their compliance with their own information security policies and procedures, and any additional requirements of law, including a review of their logs, incident reports and credential loss occurrences, and MUST periodically review the effectiveness of their policies and procedures in light of that data.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Both internal and third-party audits are considered acceptable for conformance to this Requirement.<br />
<br />
This Requirement does not dictate frequency of audits. However, the processes, policies, procedures<br />
for conducting audits, and audit findings, as well as those for defining the frequency of audits, must be<br />
documented. Additionally, a process for remediating and correcting deficiencies identified during<br />
audits must also be documented.<br />
<br />
=== REFERENCES ===<br />
As an example: HIPAA Security Regulations regarding auditable controls and periodic review of logs:<br />
45 CFR Part 164, § 164.308(a)(1)(ii)(D), § 164.312(b): http://www.ecfr.gov/cgi-bin/textidx?node=pt45.1.164&rgn=div5<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model REGISTRATION|REGISTRATION]], <br />
[[IDEF Functional Model CREDENTIALING|CREDENTIALING]], <br />
[[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]], <br />
[[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]], <br />
[[IDEF Functional Model INTERMEDIATION|INTERMEDIATION]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords AUDIT|AUDIT]], [[IDEF Keywords LOGS|LOGS]], [[IDEF Keywords POLICIES|POLICIES]], [[IDEF Keywords PROCESS|PROCESS]], [[IDEF Keywords SECURITY|SECURITY]]<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Omaerz