085 – Allow session history queries

Summary

The system must allow authorized users to inspect their own session history.

Description

Systems usually collect personal and transactional data from their users. Users should have control of their own data and, as such, should be allowed to query and inspect whatever information the system has collected from them, including their session history.

Supported In

Advanced: True

References

• GDPR-R7. The framework is based on control and certainty
• HIPAA-164_308_a_1_ii_D. Information system activity review (required)
• NYDFS-500_14. Training and monitoring
• MITRE-M1029. Remote data storage
• PADSS-4_1. Log all user access and be able to link all activities to individual users
• PDPO-5_27. Log book to be kept by data user
• CMMC-AU_L2-3_3_2. User accountability
• CMMC-PE_L1-3_10_4. Physical access logs
• HITRUST-13_f. Principle access
• HITRUST-13_s. Privacy monitoring and auditing
• ISO27002-5_16. Identity management
• LGPD-18_II. Data Subjects Rights
• MVSP-2_7. Application design controls - Logging
• OWASPSCP-7. Error handling and logging
• PCI-10_2_1_3. Audit logs are enabled and active for all system components
• ISO27001-5_16. Identity management

Last updated

2023/09/18