MUHC Information Security - Information System Activity Review Overview.docx
The Audit Controls standard is the requirement for solutions to have the capability of logging activity, whereas the Information Security Activity Review implementation specification is about the process of reviewing the logs.
There are different types of logging activity:
- System Logs – internal logs regarding the operations of the solution.
- Authentication Logs – logs related to user authentication (when a user logs in to the solution).
- User Access Reports – logs related to users accessing, creating, modifying, or deleting data within the solution.
The link above provides the details of log requirements.