Audit Changes To Firewall Settings Enabled

Silect.Security.Conformance.Monitor.AuditChangesToFirewallSettingsEnabled (UnitMonitor)

Whether the policies that cause events to be logged when changes are made to the Windows firewall are enabled

Knowledge Base article:

Summary

Things to Consider to Help Answer the Question:

Some information systems and electronic devices have built-in audit capabilities. Activating such features enables your practice to have a ready way to monitor information system activity and discover misuse. Other audit control mechanisms might need to be acquired.

Auditing tools can be third-party products, freeware, firmware, or tools that your practice might build itself. Understanding current information system capabilities enables your practice to make the best use of the resources that are available before seeking out additional tools that are available in the marketplace.

Records (e.g., access/audit logs), firewall system activity, and similar documentation exist to serve purposes of monitoring and auditing.

Possible Threats and Vulnerabilities:

Your practice might not be able to detect, prevent, and document unauthorized system activity if its information systems do not have audit control mechanisms that can monitor, record and/or examine information system activity.

Some potential impacts include:

- Human threats, such as an employee or service provider with excessive or unauthorized access privileges, can go undetected and your practice might not be able to prevent a potential compromise to ePHI.

- Unauthorized disclosure (including disclosure through theft and loss) of ePHI can lead to identity theft.

Examples of Safeguards:

The following are some potential safeguards to use against possible threats/vulnerabilities. NOTE: The safeguards you choose will depend on the degree of risk (likelihood) and the potential harm that the threat/vulnerability poses to you and the individuals who are the subjects of the ePHI.

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

[45 CFR §164.312(b)]

Configure information systems and components to automatically capture and generate audit records containing information that establishes what type of event occurred, when and where it occurred, its source, and the outcome. You should also collect information on the identity of any individuals or subjects associated with the event.

[NIST SP 800-53 AU-3]

Periodically review and analyze your information system's audit records for indications of inappropriate or unusual activity.

[NIST SP 800-53 AU-6]

Provide an audit reduction and report generation capability that supports on-demand audit review, analysis, and reporting requirements and does not alter the original content or time ordering of audit records.

[NIST SP 800-53 AU-7]

Configuration

In order to be considered compliant, the following two subcategories of the "Policy Change" audit policy category must be set to "Success and Failure":

MPSSVC Rule-Level Policy Change

Filtering Platform Policy Change
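
One way to verify these two settings on a host, as an added example that is not the management pack's own discovery code. It reads the effective audit policy with auditpol.exe and assumes an English-language system, because auditpol output is localized; the function name Test-FirewallAuditPolicy is hypothetical.

```powershell
# Added example: checks the two "Policy Change" subcategories named above.
# Run from an elevated prompt; auditpol /get requires administrative rights.
# Assumption: English subcategory names and setting text in auditpol output.

$required = @(
    'MPSSVC Rule-Level Policy Change',
    'Filtering Platform Policy Change'
)
$expected = 'Success and Failure'

function Test-FirewallAuditPolicy {
    param(
        # CSV lines as produced by "auditpol /get /category:* /r".
        # Pass saved output here to evaluate a report collected elsewhere.
        [string[]]$CsvLines = (auditpol.exe /get /category:* /r)
    )

    # /r prints a header row plus data rows; drop blank lines before parsing
    $rows = $CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv

    foreach ($name in $required) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } |
            Select-Object -First 1
        # A subcategory missing from the output is treated as non-compliant
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not found' }
        [pscustomobject]@{
            Subcategory = $name
            Setting     = $setting
            Compliant   = ($setting -eq $expected)
        }
    }
}

$report = Test-FirewallAuditPolicy
$report | Format-Table -AutoSize

# Compliant only when both subcategories are set to "Success and Failure"
$compliant = @($report | Where-Object { -not $_.Compliant }).Count -eq 0
"AuditChangesToFirewallSettingsEnabledCompliant = $compliant"
if (-not $compliant) { exit 1 }
```

A setting of "Success", "Failure" or "No Auditing" on either subcategory makes the script report False and exit with code 1.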

Element properties:

Target: Silect.Security.Conformance.Computer
Parent Monitor: Silect.Security.Conformance.Summary.Aggregate.Configuration
Category: ConfigurationHealth
Enabled: True
Alert Generate: False
Alert Auto Resolve: False
Monitor Type: Silect.Security.Conformance.Strings.Are.Equal
Remotable: True
Accessibility: Public
RunAs: Default

Source Code:

<UnitMonitor ID="Silect.Security.Conformance.Monitor.AuditChangesToFirewallSettingsEnabled" Accessibility="Public" Enabled="true" Target="Silect.Security.Conformance.Computer" ParentMonitorID="Silect.Security.Conformance.Summary.Aggregate.Configuration" Remotable="true" Priority="Normal" TypeID="Silect.Security.Conformance.Strings.Are.Equal" ConfirmDelivery="false">
  <Category>ConfigurationHealth</Category>
  <OperationalStates>
    <OperationalState ID="Success" MonitorTypeStateID="StringsAreEqual" HealthState="Success"/>
    <OperationalState ID="Error" MonitorTypeStateID="StringsAreNotEqual" HealthState="Warning"/>
  </OperationalStates>
  <Configuration>
    <StringOne>$Target/Property[Type="Silect.Security.Conformance.Computer"]/AuditChangesToFirewallSettingsEnabledCompliant$</StringOne>
    <StringTwo>True</StringTwo>
  </Configuration>
</UnitMonitor>