CAN/CSA-ISO/IEC-10164-8-95 (R2014)

The international community has decided to make this standard available only in the English language version. It has been adopted as a National Standard of Canada on this basis. This National Standard of Canada is equivalent to International Standard ISO/IEC 10164-8:1993. 1 Scope This Recommendation | International Standard defines the security audit trail function. The security audit trail function is a systems management function which may be used by an application process in a centralized or decentralized management environment to exchange information and commands for the purpose of systems management, as defined by CCITT Rec. X.700 | ISO 7498-4. This Recommendation | International Standard is positioned in the application layer of CCITT Rec. X.200 | ISO 7498 and is defined according to the model provided by ISO/IEC 9545. The role of systems management functions is described by CCITT Rec. X.701 | ISO/IEC 10040. This Recommendation | International Standard - establishes user requirements for the service definition needed to support the security audit trail reporting function; - defines the service provided by the security audit trail reporting function; - specifies the protocol that is necessary in order to provide the service; - defines the relationship between the service and management notifications; - defines relationships with other systems management functions; - specifies conformance requirements. This Recommendation | International Standard does not define - a security audit, nor how to perform one. A security audit may be used to assist in assessing the effectiveness of a security policy. The security policy identifies the categories of security-related events that require auditing, and the location of the security audit trail log in which they are to be recorded; - the nature of any implementation intended to provide the security audit trail function; - the occasions where the use of the security audit trail function is appropriate; - the services necessary for the establishment, normal and abnormal release of a management association; - any other notifications defined by other Recommendations | International Standards which may be of interest to a security administrator.