Security Audit
This tutorial offers guidance on the importance of event security audits and how to configure the logging
and signing of various events on the Unifyia platform to ensure compliance and detect vulnerabilities.
The Security Audit feature enhances visibility and control, empowering organizations to manage potential
risks while preserving compliance and data integrity.
Overview
A security audit is a crucial process for maintaining the integrity and safety of your systems and data.
By configuring event security audits, organizations can ensure compliance with security standards and
proactively identify vulnerabilities. This feature allows administrators to define which events should
be logged and/or signed with the digital signature certificate of the logged-in user. This provides a
comprehensive record of system activities for auditing and monitoring purposes.
Advantages of the Security Audit
- Customizable Event Logging: Administrators can configure which specific events
within the system need to be logged. This ensures that critical actions, such as user logins, data
modifications, or system changes, are captured for review.
- Digital Signature Integration: To enhance the authenticity and integrity of the
logged events, each entry can be signed with the digital signature certificate of the logged-in
user. This guarantees that the logged event is verifiable, tamper-proof, and securely tied to the
user's identity.
- Compliance Assurance: Configuring event logs with appropriate security measures
helps ensure compliance with regulatory requirements and industry standards, such as GDPR, HIPAA, or
PCI-DSS, which often mandate detailed event auditing.
- Vulnerability Detection: By systematically auditing events and actions across the
system, organizations can identify unusual or unauthorized activities, enabling swift detection of
security vulnerabilities or breaches.
- Enhanced Security Posture: Event security audits help reinforce overall security
posture by providing transparency, accountability, and a clear audit trail for further investigation
and action in case of a security incident.
Prerequisites
- The Enable Digital Signing option under General Settings must be enabled. To do this, navigate to Configurations > General Settings > Policies and Settings and activate the Enable Digital Signing policy, which allows event data to be signed using the PIV Digital Signature certificate of the logged-in user.
- Administrator credentials to log in to the Unifyia platform.
Configure Event Logging and Signing
Log in to the Unifyia platform using administrator credentials. On the dashboard, go to
Configuration > Security Audit to view the list of events. Each event entry includes
its name and the conditions that trigger it. Each event has two toggle buttons: one for
logging the event and another for signing it.
The Sign Event option becomes available only when the Log Event option is enabled; an event
cannot be signed without being logged.
To enable logging or signing for an event, slide the toggle to the right. To disable it, slide the
toggle to the left.
To search for an event, type its name in the search box; the names of matching events are displayed.
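The toggle rule above (signing requires logging) and the tamper-evidence that signing gives a logged entry, as an added example in Go that is not Unifyia's code: EventPolicy, AuditEntry, SignEntry and VerifyEntry are assumed names, the record layout is constructed, and an ECDSA P-256 key generated in memory stands in for the key behind the user's PIV Digital Signature certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// EventPolicy mirrors the two per-event toggles on the Security Audit page.
type EventPolicy struct{ Log, Sign bool }
// SetSign enforces the page's rule: an event cannot be signed unless it is logged.
func (p *EventPolicy) SetSign(on bool) error {
	if on && !p.Log {
		return errors.New("Sign Event requires Log Event to be enabled")
	}
	p.Sign = on
	return nil
}
// AuditEntry is a constructed record shape for illustration, not the platform's format.
type AuditEntry struct{ Event, Actor, Detail string }
// digest canonicalises the entry as JSON and hashes it; the hash is what gets signed.
func digest(e AuditEntry) []byte {
	b, _ := json.Marshal(e)
	h := sha256.Sum256(b)
	return h[:]
}
// SignEntry signs the digest with the acting user's private key, standing in for
// the key behind the user's PIV Digital Signature certificate (assumed, not Unifyia's API).
func SignEntry(key *ecdsa.PrivateKey, e AuditEntry) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(e))
}
// VerifyEntry returns true only if the entry is unmodified and was signed by pub's holder.
func VerifyEntry(pub *ecdsa.PublicKey, e AuditEntry, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(e), sig)
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	entry := AuditEntry{"Delete User", "admin@example.test", "user id 42"} // constructed sample
	sig, _ := SignEntry(key, entry)
	fmt.Println("original verifies:", VerifyEntry(&key.PublicKey, entry, sig))
	entry.Detail = "user id 43" // alter the stored record after it was signed
	fmt.Println("tampered verifies:", VerifyEntry(&key.PublicKey, entry, sig))
}
```

A reviewer verifying an exported audit trail would re-run VerifyEntry over each record with the signer's certificate public key; any record that fails is either altered or not signed by the user it names.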
The following sections list the events that can be logged and signed. For easier management they are
divided into three logical sections: Configuration and Integration Events, User Management Events, and
Credential Management Events.
Configuration and Integration Events
The events listed under this section are administrative events managed by administrators. The
following table lists the save, update, and delete events that can be configured for security audit.
Event Name | Description
--- | ---
Delete Workflow | Triggered when a workflow is deleted.
Save Certificate Authority Details | Triggered when new certificate authority details are saved.
Save Device Profile Details | Triggered when new device profile details are saved.
Save Directory Details | Triggered when new directory details are saved.
Save External CMS Details | Triggered when new external credential management system (External CMS) details are saved.
Save External IdP Details | Triggered when new external identity provider information is saved.
Save Group | Triggered when a new group is saved.
Save SSO Client Details | Triggered when new SSO Client details are saved.
Save Visual Designs | Triggered when a new visual design is saved.
Save Workflow | Triggered when a new workflow configuration is saved.
Update Branding Details | Triggered when an organization's branding details are updated.
Update Certificate Authority Details | Triggered when certificate authority details are updated.
Update Device Profile Details | Triggered when device profile details are updated.
Update Directory Details | Triggered when directory details are updated.
Update External CMS Details | Triggered when external credential management system (External CMS) details are updated.
Update External IdP Details | Triggered when external identity provider information is updated.
Update General Policies and Settings | Triggered when an organization's general policies and settings are updated.
Update Group Name | Triggered when a group name is updated.
Update SSO Client Details | Triggered when SSO Client details are updated.
Update Visual Designs | Triggered when visual design details are updated.
Update Workflow | Triggered when a workflow configuration is updated.
User Management Events
The events listed under this section typically relate to user onboarding, enrollment, and approval.
Event Name | Description
--- | ---
Add ID Documents | Triggered when ID proofing documents (I-9 documents) are saved.
Bulk Import of Users | Triggered when user records imported in bulk are saved.
Change Role Permissions | Triggered when the permissions for a specific user role are changed, that is, when access to certain resources or actions within the system is granted or revoked.
Change User Role | Triggered when a user's role is changed.
Delete User | Triggered when a user's record is deleted.
Disable User Access | Triggered when a user account is disabled on the List of Users page.
Enable User Access | Triggered when a previously disabled user account is enabled on the List of Users page.
Enroll User Face Image | Triggered when a user's facial image is saved.
Enroll User Fingerprints | Triggered when a user's fingerprint images are saved.
Enroll User Information | Triggered when user information is saved.
Enroll User Iris | Triggered when a user's iris images are saved.
Enroll User Signature | Triggered when a user's signature image is saved.
Enrollment Approved | Triggered when a user's enrollment is approved.
Enrollment Rejected | Triggered when a user's enrollment is rejected.
Save Investigation Results | Triggered when the background and fingerprint investigation results are uploaded and saved.
Save User Registration Details | Triggered when the user registration or onboarding details are saved.
Submit User Enrollment Details | Triggered when the user enrollment details are submitted.
Credential Management Events
This section lists events related to the granular lifecycle management of issued credentials by both
operators and users. These events are triggered at the identity device, application, and credential
levels.
Event Name | Description
--- | ---
Activate PIV Application | Triggered when a PIV application is activated.
Change FIDO2 Application PIN | Triggered when the FIDO2 application's PIN is changed for ZTPass on NXP P71D600 and Arculus AuthentiKey cards.
Change Friendly Name of the Issued Device | Triggered when the friendly name of the issued device is changed on the manage credentials page.
Change PIV Application PIN | Triggered when a PIV Application PIN is changed.
Delete Credential | Triggered when a credential is deleted.
Issue Device | Triggered when a device is issued.
Reactivate Credential | Triggered when a credential is reactivated.
Reactivate Device | Triggered when a device is reactivated.
Reissue Device | Triggered when a device is reissued.
Remove Device | Triggered when a device is removed.
Renew Certificates | Triggered when an expired certificate is renewed.
Reset Card to Factory Settings | Triggered when a card is reset to factory settings.
Reset FIDO2 Application PIN | Triggered when the FIDO2 application's PIN is reset for ZTPass on NXP P71D600 and Arculus AuthentiKey cards.
Reset PIV Application PIN | Triggered when a PIV Application PIN is reset.
Reset PIV Application PIN with PUK | Triggered when a PIV Application PIN is reset with a PIN Unblocking Key (PUK).
Revoke Credential | Triggered when a credential is revoked.
Revoke Device | Triggered when a device is revoked.
Suspend Credential | Triggered when a credential is suspended.
Suspend Device | Triggered when a device is suspended.