(ii) Implementation specifications:
(C) Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies.
Tell Me More:
The Log-In Monitoring implementation specification requires covered entities to implement procedures for monitoring log-in attempts and to report discrepancies. Log-in monitoring can be done on an exception/alert basis and should be part of an overall Information System Activity Review program.
Individuals who have not been granted access to sensitive PHI or other information, e-mail, or critical systems and applications may try to gain access by using software to discover user IDs and passwords. Others may attempt to guess the passwords of particular individuals and so gain unauthorized entry to restricted applications, PHI and e-mail accounts.
To identify potential unauthorized access, intrusion attempts or policy violations, you should monitor user access and prepare periodic reports for use in making security program adjustments. At a minimum, unsuccessful attempts to log into the network, into applications holding PHI or other sensitive information, or into other password-protected documents should be documented and reported.
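To show what review on an exception/alert basis can look like in practice, here is an added example (not part of the original guidance) that scans constructed, syslog-style authentication records for bursts of failed log-ins and for a success that immediately follows such a burst, producing the kind of discrepancy list a periodic report would be built from. The log format, field names, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical syslog-like format; not from any real system.
SAMPLE_LOG = """\
2024-03-04T08:01:12 ehr-app auth: FAILED user=jdoe src=203.0.113.5
2024-03-04T08:01:20 ehr-app auth: FAILED user=jdoe src=203.0.113.5
2024-03-04T08:01:31 ehr-app auth: FAILED user=jdoe src=203.0.113.5
2024-03-04T08:01:45 ehr-app auth: FAILED user=jdoe src=203.0.113.5
2024-03-04T08:01:58 ehr-app auth: FAILED user=jdoe src=203.0.113.5
2024-03-04T08:02:10 ehr-app auth: SUCCESS user=jdoe src=203.0.113.5
2024-03-04T09:15:02 ehr-app auth: FAILED user=asmith src=198.51.100.7
2024-03-04T09:20:40 ehr-app auth: SUCCESS user=asmith src=198.51.100.7
"""

# Assumed record layout: "<ISO timestamp> <host> auth: <FAILED|SUCCESS> user=<id> src=<address>"
LINE_RE = re.compile(r"^(\S+) (\S+) auth: (FAILED|SUCCESS) user=(\S+) src=(\S+)$")


def parse_log(text):
    """Turn raw lines into (time, host, outcome, user, src) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), host, outcome, user, src))
    return events


def find_discrepancies(events, threshold=5, window=timedelta(minutes=10)):
    """Exception-basis review: report a (user, source) pair once it reaches `threshold`
    failed attempts inside a sliding `window`, and report a success that follows such a
    burst, since that pattern is consistent with a guessed or discovered password."""
    findings = []
    recent = defaultdict(list)  # (user, src) -> timestamps of failures still inside the window
    for ts, host, outcome, user, src in sorted(events):
        key = (user, src)
        recent[key] = [t for t in recent[key] if ts - t <= window]
        if outcome == "FAILED":
            recent[key].append(ts)
            if len(recent[key]) == threshold:  # report once, when the threshold is first hit
                findings.append(("failure-burst", user, src, ts.isoformat()))
        elif len(recent[key]) >= threshold:
            findings.append(("success-after-burst", user, src, ts.isoformat()))
    return findings
```

A single failure from asmith is left out of the findings on purpose: an exception-basis review reports only what crosses the agreed threshold, while the full record still goes to the periodic report.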
Questions to consider:
- Does the organization track all system and application log-ins? Such tracking will allow the organization to know who is accessing ePHI as well as who is attempting to access ePHI.
- Does the organization review the log-in reports (manually or using an automated system) to identify potential security problems? Are potential problems addressed? Incidents should be identified and corrective action taken as appropriate.
- NIST SP 800-12 chapter 13 An Introduction to Computer Security: The NIST Handbook
- NIST SP 800-16 IT Security Training Requirements: Role and Performance Based Model
- NIST SP 800-53, Revision 3 Recommended Security Controls for Federal Information Systems and Organizations
- NIST SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
- NIST SP 800-63 Recommendation for Electronic Authentication