IS4550

Policy Monitoring and Enforcement Strategy

Policy monitoring procedures within the Department of Defense for the auditing, and monitoring of networks .This policy establishes minimum practices to ensure the Department of Defense systems and networks are audited to maintain awareness of the operating environment, to detect indications of security problems, and to ensure systems and networks are used for authorized purposes.
This policy is issued to ensure compliance with • The Federal Information Management Security Act (FISMA) • Department of Defense IT Security Policy Management Policy

This applies to all Department of Defense employees and contractor employees using or operating Department of Defense computer systems, as well as the systems and networks, and to contractor employees providing services to the Department of Defense networks.
It is Department of Defense policy that Monitoring shall be used for the following • Individual Accountability Monitoring, shall be used to support accountability by providing a trace of user actions. • Intrusion Detection Monitoring,shall be designed and implemented to record appropriate information to assist in intrusion detection.

All Department of Defense information technology systems shall be monitored, audited and normal logging processes within the scope of this policy. An audit trail will include information to establish what activity occurred and who or what caused them. The following represents the events that would provide an acceptable audit trail.

• User login – unsuccessful, successful if feasible • Service startup and shutdown -- unsuccessful and successful, if feasible • User account permission modifications -- unsuccessful and successful • User account additions and deletions -- unsuccessful and successful • IP address or hostname associated with a given event, if feasible

Monitoring of Department of Defense Network • Department of Defense networks will be monitored for unauthorized or improper use. • Unauthorized or improper use of the systems shall be investigated and, discipline actions shall be imposed according the Human Resource's. If criminal activity is discovered, system logs shall be provided to the appropriate law enforcement officials. • Department of Defense system may be accessible through legal discovery and the Freedom of Information Act (FOIA) and shall be maintained as records and protected as such.

Prohibited uses of Department of Defense resources can result in punishment in accordance with federal law and civilian employee regulations. • User Accounts will be randomly audited to ensure compliance with established security standards. All employee and contractor accounts will be audited upon termination. • Audit trail information is subject to the Freedom of Information Act (FOIA).

All Department of Defense employees and contractor employees shall be aware of and observe policies regarding network audit and monitoring. Information System Security Officers, and System Administrators shall implement practices of this policy systems applications they are responsible for