Security Basics mailing list archives
Auditing requirements
From: "King, Gregory" <cxz9 () cdc gov>
Date: Wed, 2 Mar 2005 18:41:55 -0500
Hello and good day to all... I currently work in the Federal section performing IT security, which we all know because of FISMA requirements all Federal agencies are now required to perform security assessments in accordance with (IAW) NIST 800-26 and blah blah...The biggest issue thus far complying to the standards illustrated in the SP is that auditing is too cumbersome to enable at the database level due to performance concerns. Can someone better justify why auditing should not be turned on at the database level other than a decrease in performance? What are the some of the factors I should key on besides that it is a requirement and a recommended security control mechanism? Regards, Gregory A. King Sr. KMT Security Lead Strategic National Stockpile Office: 404-687-6591 Mobile: 678-296-6256 eMail: cxz9 () cdc gov
Current thread:
- Auditing requirements King, Gregory (Mar 03)