National Industrial Security Program Operating Manual (NISPOM) – NISP is the authority within the United States for access to classified data by government contractors. The Operating Manual (NISPOM) sets comprehensive standards to ensure continued availability and integrity of classified data, and prevent its unauthorized disclosure. NISPOM affects all government agencies and commercial contractors who have access to classified data.

  • Granular activity records
  • Successful and unsuccessful logon and logoffs
  • Successful and unsuccessful accesses to files and directories (including creation, open, close, modification and deletion)
  • System activity log protection from unauthorized access, modification or deletion.
  • Scheduled analysis of activity logs using automated tools
  • At least weekly review of audit log records
  • Documentation and reporting of security relevant events
  • At least 1 year
  • Compressed and encrypted
  • User Logon report – NISPOM Chapter 8 Compliance requirements state that user accesses to the system be recorded and monitored for possible abuse.
  • User Logoff report – NISPOM Chapter 8 requirements state that user accesses to the system be recorded and monitored for possible abuse.
  • Logon Failure report – The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.
  • Audit Logs access report – NISPOM Chapter 8 requirements (review and audit access logs) calls for procedures to regularly review records of information system activity such as audit logs.