ISO/IEC 27001 Control 8.15: Logging
Control
Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint records all activity in an audit trail.
Implementation Details
MidPoint records all changes in data and configuration in a structured audit trail. The trail can be searched and analyzed, and some analysis tools are provided in the midPoint administration user interface. The user interface provides the ability to see the state of data as it looked in the past (a.k.a. "time machine"), which is based on reconstruction of data from the audit trail records. There are also several pre-configured dashboards in the midPoint user interface that use the audit trail information, with an option to add more customized dashboard components. The format of audit trail data is public and documented, so it can be used as an integration point with other systems. In particular, security information and event management (SIEM) systems are meant to be consumers of midPoint audit trail data.
Rationale
MidPoint records all changes regarding access control and policies in its audit trail, making it a prominent source of security-related information.