Log and review all access management failures and anomalies

From aptrust
Jump to: navigation, search Log and review all access management failures and anomalies
Status Ready for review
Compliance Rating Fully compliant

The repository shall log and review all access management failures and anomalies.

Supporting Text

This is necessary in order to identify security threats and access management system failures.

Examples for Meeting the Requirement

Access logs, capability of the system to use automated analysis/monitoring tools and generate problem/error messages; notes of reviews undertaken or action taken as a result of reviews.


A repository should have some automated mechanism to note anomalous or unusual denials and use them to identify either security threats or failures in the access management system, such as valid users’ being denied access. This does not mean looking at every denied access.

Evidence Provided

APTrust follows the standard security advice of granting least privilege — that is, granting only the permissions required to perform a task. Otherwise we default to DENY ALL. This means that all access is denied by default and only granted to specific users if absolutely necessary. The types of authorized and unauthorized access as well as security logs and records generated during APTrust operations are explained in Key Management, Security, and Logging.