Skip to main content

Hello,

I have been looking into how to trace the download and/or print of document revisions. I have been looking at report archive and that appears to only log operational reports. Is there a way to track what is being printed or downloaded from document revisions?

Have a look at the File Operation Log screen and see if it has the information you need.

Can you tell us the purpose of the "tracing"? We might have other options as well, depending on your needs.
 


I have taken a look there and found that view/download/print all display as “read”. I can work with that to a certain extent but would be great to know when someone is printing a document out of the system and have it displayed as “printed”. I will have to review the File Operation Log some more and see how well that can work for me.


@CAMHDMS 

That's correct.

For the purposes of which we added File Operation Log (SOX) it was enough to say if a user read the information or wrote it. Call it download/upload, if you want.

The only way I can think of that let's you log if a user printed a document would be to install a document macro that executes when the Print command is used. You would need to then take care of the actual printing yourself, since that's how it's done when macros are used, as well as logging the event somewhere.

I'm curious: Why is it important to know a user printed the document compared to having viewed/read it?
 


This is important for my company as we are working on CMMC level 1 compliance at the moment and need to have full control and traceability of FCI and CUI. I need to properly execute least privileged access and have history traceability for those that do have access. For how it relates to IFS I need to be able to track down who would have printed classified documents out of the system at any given time.


@CAMHDMS 

Thanks! Sounds similar to some of the requirements from SOX then, but perhaps the purposes are different (I haven't heard about CMMC before, so I cannot say.)

I'm sure you just need to try and adhere to those regulations, but I think they are too granular. How can we ensure the user actually printed the document? Is it proof enough that they clicked Print Document in IFS? How do we know the document was actually send to the printer? What if the printer ran out of paper? What if they send a copy of the document to their private e-mail and print it at home? Or take a picture of it from their mobile phone and ... and so on 🙂

My point is that what we CAN track, with a great deal of certainty, is the reading and writing of the documents/files and that it's good enough. 

At least we cannot do better without building in a much "stronger" ways of tracking things like printing. It's probably quite hard to get working considering we need to be in complete control of the printing process, from the it's initiation to when the paper leaves the printer. I'm sure there are systems that allows control or tracing in this level of detail, but I don't see it being added to IFS. Then again, who knows? 🤷 🙂 

Anyway, thanks for the explanation, I hope it's clear what you can and cannot do now when it comes to tracing the printing of documents.

Good luck!
 


I can completely understand that. I am planning on discussing this finding with my Cyber Security consultant when he returns and hope that this is sufficient. I greatly appreciate your assistance. Thank you!


Reply