Literary Warrant for Functional Requirement #2c
This requirement derives from the law, customs, standards and
professional best practices accepted by society and codified in the literature of different professions concerned with records and
recordkeeping. The warrant is as follows:
Citation 36 CFR PART 1234 -- Electronic Records Management. Subpart B -- Program
Requirements
Pages 1234.10
Extract The head of each Federal agency shall ensure that the management of electronic records
incorporates the following elements: .. (i) Specifying the methods of implementing controls over
national security-classified, sensitive, proprietary, and Privacy Act records stored and used
electronically.
Citation The Institute of Internal Auditors Research Foundation; Systems Auditability and Control, Module
4, Managing Computer Resources, 1991
Pages 4-103,4
Extract Controls include the following: * Procedures - Standard procedures for initially loading the
operating system - Standard procedures for applying program "patches" to correct a known problem
and for installing system revisions - Standard back-up and retention procedures for vital program
records and files - Standard procedures to control the issuance and the return of items used for
gaining physical access (e.g., keys, magnetic cards, and identification badges) - Standard procedures
prescribing retention periods for console logs and job accounting system records - Standard
procedures to govern system generation activities - Establishment and periodic testing of protection
devices (e.g., smoke and fire detection and suppression equipment and back-up electrical power) and
testing of processing under emergency situations