Benchmark: 11.10(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records
Description
Persons who use closed systems to create, modify, maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine. Such procedures and controls shall include the following: (e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying.
Usage
Browse dashboards and select 11.10(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_eSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.gxp_21_cfr_part_11_11_10_eControls
- API Gateway stage logging should be enabled
- At least one multi-region AWS CloudTrail should be present in an account
- All S3 buckets should log S3 data events in CloudTrail
- At least one enabled trail should be present in a region
- CloudTrail trails should be integrated with CloudWatch logs
- Log group retention period should be at least 365 days
- DynamoDB tables should be in a backup plan
- DynamoDB table point-in-time recovery should be enabled
- EBS volumes should be in a backup plan
- EC2 instance should have EBS optimization enabled
- EFS file systems should be in a backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- ELB application and classic load balancer logging should be enabled
- Elasticsearch domain should send logs to CloudWatch
- OpenSearch domains should have audit logging enabled.
- OpenSearch domains logs to AWS CloudWatch Logs
- RDS DB instance backup should be enabled
- RDS DB instances should be in a backup plan
- Database logging should be enabled
- AWS Redshift audit logging should be enabled
- AWS Redshift clusters should have automatic snapshots enabled
- Redshift cluster audit logging and encryption should be enabled
- S3 bucket cross-region replication should be enabled
- S3 bucket logging should be enabled
- S3 bucket versioning should be enabled
- VPC flow logs should be enabled
- Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs)