2.9.2-9 Automatic Records of Data Access

When records of data access are necessary, the records should be maintained automatically.

Additional Information:
Transaction records and logs should be stamped with user identifiers, time, and date. Provisions should be made to control requests for records and logs of data transactions with classified material. Users should be informed concerning the nature and purpose of automated recording of individual actions. Even cooperative, well-intentioned users can forget to keep manual logs of data access, and will resent the time and effort required to keep such logs. Subversive users, of course, cannot be expected to provide accurate records.