UnixTime

Research Note

Privileged Activity Log Review Checklist

Use this checklist to review privileged account activity logs for appropriate, authorized, and traceable use.

On this page

When to use this

Use this checklist to review privileged account activity logs for appropriate, authorized, and traceable use.

Review checklist

  • Logs identify individual privileged user.
  • Activity aligns to approved role or work order.
  • Emergency access use is matched to emergency record.
  • Failed privileged access attempts are reviewed.
  • Log retention meets requirements.
  • Logs are protected from modification.
  • Suspicious activity is escalated.

Review record

Period System Reviewer Exceptions found Escalated? Evidence location
TBD TBD TBD TBD Yes/No TBD