§164.308(a)(5)(ii)(C): Procedures for monitoring log-in attempts and reporting discrepancies.
Audit Inquiry
Does the entity have policies and procedures in place to incorporate procedures for monitoring log-in attempts and reporting discrepancies into its security awareness and training program?
Obtain and review the procedures (or other vehicle) for monitoring log-in attempts and reporting discrepancies, together with the related training material.
Elements to review may include but are not limited to:
• Workforce members' roles and responsibilities in monitoring log-in attempts and reporting discrepancies
• How log-in monitoring is conducted (which systems are monitored, what is logged, who reviews it and how often)
• How to recognize an inappropriate log-in or a suspicious log-in attempt (for example, repeated failures, attempts against non-existent accounts, or access from an unexpected source or at an unexpected time)
• Action(s) to be taken in response to an inappropriate log-in or suspicious log-in attempt, including to whom the discrepancy is reported
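The elements above describe what an auditor looks for, not how monitoring is done. As an added illustration that is not part of the audit protocol or any entity's procedures, the following script shows the kind of check behind "how log-in monitoring is conducted": it parses constructed OpenSSH-style syslog lines (the sample lines, host name, addresses and user names are invented), then flags three common discrepancies: attempts against accounts that do not exist, a burst of failures from one source, and a successful log-in shortly after repeated failures for the same user from the same source. The threshold, time window and year are assumptions chosen for the example, not values the regulation prescribes.

```python
"""Minimal log-in monitoring: parse sshd-style auth log lines and report discrepancies."""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not taken from any real system).
SAMPLE_LOG = """\
Jan 12 03:14:07 ehr-app sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 12 03:14:09 ehr-app sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jan 12 03:14:11 ehr-app sshd[2233]: Failed password for jsmith from 203.0.113.7 port 51024 ssh2
Jan 12 03:14:13 ehr-app sshd[2235]: Failed password for jsmith from 203.0.113.7 port 51025 ssh2
Jan 12 03:14:15 ehr-app sshd[2237]: Failed password for jsmith from 203.0.113.7 port 51026 ssh2
Jan 12 03:14:20 ehr-app sshd[2239]: Accepted password for jsmith from 203.0.113.7 port 51027 ssh2
Jan 12 08:02:41 ehr-app sshd[2301]: Accepted publickey for mgarcia from 10.0.5.12 port 44410 ssh2
Jan 12 08:05:03 ehr-app sshd[2310]: Failed password for mgarcia from 10.0.5.12 port 44412 ssh2
Jan 12 08:05:30 ehr-app sshd[2312]: Accepted password for mgarcia from 10.0.5.12 port 44413 ssh2
"""

# Matches the "Accepted <method> for <user>" / "Failed <method> for [invalid user] <user>" forms.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \S+ for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

Finding = namedtuple("Finding", "kind user src ts count")


def parse_line(line, year=2024):
    """Parse one log line into a dict, or return None for lines that are not log-in events.
    Syslog timestamps carry no year, so the year is an assumed parameter."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "host": m["host"],
        "success": m["outcome"] == "Accepted",
        "invalid_user": m["invalid"] is not None,
        "user": m["user"],
        "src": m["src"],
    }


def parse_log(text, year=2024):
    return [e for e in (parse_line(l, year) for l in text.splitlines()) if e]


def find_discrepancies(events, threshold=5, window=timedelta(minutes=10), min_prior_failures=2):
    """Return the discrepancies a reviewer should be told about:
    - unknown_account: an attempt against an account that does not exist
    - repeated_failures: at least `threshold` failures from one source inside `window`
      (reported once per source so a long brute-force run does not flood the report)
    - success_after_failures: a log-in succeeded for a user from a source that had at least
      `min_prior_failures` failures for that user inside `window` (possible guessed password).
      One mistyped password before a success is normal and is deliberately not reported."""
    findings = []
    failures_by_src = defaultdict(list)        # src -> timestamps of failed attempts
    failures_by_src_user = defaultdict(list)   # (src, user) -> timestamps of failed attempts
    reported_sources = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["invalid_user"]:
            findings.append(Finding("unknown_account", e["user"], e["src"], e["ts"], 1))
        if not e["success"]:
            failures_by_src[e["src"]].append(e["ts"])
            failures_by_src_user[(e["src"], e["user"])].append(e["ts"])
            recent = [t for t in failures_by_src[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold and e["src"] not in reported_sources:
                findings.append(Finding("repeated_failures", None, e["src"], e["ts"], len(recent)))
                reported_sources.add(e["src"])
        else:
            prior = [t for t in failures_by_src_user[(e["src"], e["user"])] if e["ts"] - t <= window]
            if len(prior) >= min_prior_failures:
                findings.append(Finding("success_after_failures", e["user"], e["src"], e["ts"], len(prior)))
    return findings


def format_report(findings):
    """One line per finding, suitable for handing to whoever the procedure names as the reporting point."""
    return [
        f"{f.ts:%Y-%m-%d %H:%M:%S} {f.kind} user={f.user or '-'} src={f.src} count={f.count}"
        for f in findings
    ]


if __name__ == "__main__":
    for line in format_report(find_discrepancies(parse_log(SAMPLE_LOG))):
        print(line)
```

Run against the sample, the report lists two attempts against the non-existent `admin` account, a burst of five failures from 203.0.113.7, and a success for `jsmith` after three failures from the same source; the single mistyped password by `mgarcia` from an internal address is below the reporting floor and is not listed. In practice the thresholds, the window and the decision about which findings are escalated are exactly what the written procedure and training material should state, so that the monitoring performed can be checked against the procedure the way the audit steps below require.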
Obtain and review documentation demonstrating that procedures are in place to monitor log-in attempts and report discrepancies. Evaluate and determine whether the monitoring actually performed is consistent with the log-in monitoring and discrepancy reporting procedures described in the training material.
Obtain and review documentation identifying which workforce members and role types should be trained on these procedures, and documentation of the workforce members who actually received that training. Evaluate and determine whether the appropriate workforce members are being trained on the procedures for monitoring log-in attempts and reporting discrepancies.
Has the entity chosen to implement an alternative measure?
If yes, obtain and review entity documentation of why it has determined that the implementation specification is not a reasonable and appropriate safeguard and what equivalent alternative measure has been implemented instead.
Evaluate documentation and assess whether the alternative measure implemented is equivalent to the protections afforded by the implementation specification.
Required/Addressable: Addressable