The requirements are detailed in the GPG13 Protective Monitoring mandate set by CESG, the UK national technical authority for information assurance, to provide an audit trail of security relevant events.
Of those who were aware of the mandate, 80% said the mandate was poorly perceived by their boards, according to the survey of 130 public sector organisations by log management firm LogLogic.
The Good Practice Guide 13 (GPG13) framework was developed to help public sector organisations to know exactly what is happening within their ICT infrastructure in a controlled and effective manner, said Bill Roth, executive vice-president at LogLogic.
"It is a mandatory accord for all central and local government, fire, police, health and education authorities. Given the results of the survey, it seems there is still a lot of work that needs doing to bring organisations in line with requirements - not least raising awareness of the actual mandate itself", he said.
Some 28% of those who were aware of the mandate, said it was viewed purely as a costly tick in the box exercise with no obvious benefits, 26% said it was seen as a necessary evil, and 26% said their board was unaware of the mandate.
Only 20% said the mandate was seen as a positive initiative.
Despite poor awareness at board level, the research found that 68% of respondents, who were IT and security managers, felt that the mandate would actually improve accountability of users' activities.
But only 10% said they had the necessary processes in place, and 44% admitted that they were not looking at it yet.
Over a third of respondents felt that the biggest challenge to implementing GPG13 was ensuring that employees had the skills and training needed to operate the environment correctly.
This story was first published by Computer Weekly