TISAX audit requirements |
What is it? |
Predefined reports in EventLog Analyzer |
Section 4.1.3 |
Access to information and IT systems is provided via validated user accounts assigned to a person. It is important to protect login information and to ensure the traceability of transactions and accesses. |
- User account changes, such as account creation, deletion, modification, and lockouts
- Computer account changes, including account creation, deletion, and modification
- User group changes, covering group creation, deletion, and modification
- Unix user access and individual user actions
|
Section 4.2.1 |
The management of access rights ensures that only authorized users have access to information and IT services. For this purpose, access rights are assigned to user accounts. |
- Policy changes, including audit policy changes, user right assignments, and trusted domain activities (creation, modification, deletion)
- Windows user access and individual user actions
- User account changes, encompassing creation, deletion, modification, and lockouts
- Computer account changes, such as account creation, deletion, and modification
- User group changes, covering group creation, deletion, and modification
- Unix user access and individual user actions
- Unix logon reports, including user logons, logoffs, and unsuccessful logons
- Unix account management reports on user account password changes and failures
- Unix failed logon reports, particularly unsuccessful logons with long passwords
- MSSQL account changes, including user and login creation, deletion, modification, role management, and credential changes
- MSSQL password changes and resets, including own password changes and failures
- Oracle security changes, like SQL injection, connect events, failed logons, account lockouts, expired passwords, and denial of service
- IIS web server error reports, covering client and server errors, password changes, failed authentications, bad requests, access denials, IP rejections, read/write access issues, and server restarts
- IIS FTP server reports on file downloads, uploads, transfer aborts, deletions, and security data exchanges
- PostgreSQL account changes, including user and role management and permission alterations
- Hypervisor system events, focusing on password changes and failures
- AS400 reports on logon failures due to invalid passwords and system password bypass period endings
|
Section 5.2.4 |
Event logs support the traceability of events in case of a security incident. This requires that events necessary to determine the causes are recorded and stored. In addition, the logging and analysis of activities in accordance with applicable legislation (e.g. Data Protection or Works Constitution Act) is required to determine which user account has made changes to IT systems. |
- Audit policy changes, including user rights assigned and removed, and trusted domain activities (creation, modification, deletion)
- Windows user access and individual user actions
- User account changes, such as account creation, deletion, modification, and lockouts
- Computer account changes, including account creation, deletion, and modification
- User group changes, covering group creation, deletion, and modification
- Unix user access and individual user actions
- File changes, encompassing file creation, modification, deletion, renaming, and permission changes
|
Section 5.2.7 |
IT systems in a network are exposed to different risks or have different protection needs. In order to detect or prevent unintended data exchange or access between these IT systems, they are subdivided into suitable segments and access is controlled and monitored by means of security technologies. |
- Network device logon reports, including successful and failed logons, logoff events, and VPN logon activities (both successful and failed)
- Network device attack reports, encompassing detected attacks and endpoint health assessments
- Network device configuration reports, covering configuration errors, interface status (up and down), command execution (successful and failed), and changes in configuration
- Network device security reports focused on website traffic monitoring and denied connections
- Audit policy changes, involving changes in user rights (assigned and removed) and trusted domain activities (creation, modification, deletion)
- Windows user access and individual user actions
- User account validation processes, including both pre- and post-authentication success and failure
- MSSQL account changes, encompassing SQL Server user and login management (creation, deletion, modification), SQL Server roles and credential handling (creation, deletion, modification), and tracking of SQL Server enabled and disabled users
|