IHI Table1
| Auditable Events | Source of Software Audit mechanism Checklist | Affects User-based Non-repudiation | |||
|---|---|---|---|---|---|
| Log Entry Item | Chuvakin and Peterson[3] | CCHIT[2] | SANS[7] | IEEE[6] | (Yes or No) |
| System startup | X | X | X | N | |
| System shutdown | X | X | X | N | |
| System restart | X | N | |||
| User login/logout | X | X | X | Y | |
| Session timeout | X | Y | |||
| Account lockout | X | Y | |||
| Create data | X | X | X | Y | |
| Update data | X | X | X | Y | |
| Delete data | X | X | X | Y | |
| View data | X | X | X | Y | |
| Query data | X | Y | |||
| Node-authentication failure | X | X | X | N | |
| Signature created/validated | X | Y | |||
| Export data | X | Y | |||
| Import data | X | Y | |||
| Security administration event | X | X | X | X | N |
| Scheduling | X | N | |||
| System backup | X | X | Y | ||
| System restore | X | Y | |||
| Initiate a network connection | X | X | X | N | |
| Accept a network connection | X | X | N | ||
| Grant access rights | X | X | X | Y | |
| Modify access rights | X | X | X | Y | |
| Revoke access rights | X | X | X | Y | |
| System, network, or services changes | X | X | X | N | |
| Application process abort/failure/abnormal end | X | X | N | ||
| Detection of malicious activity | X | X | N | ||
| Changes to audit log configuration | X | N | |||