
SM-02 Secure Audit Logging

>Control Description

Organization logs critical information system activity to a secure repository. Organization disables administrators' ability to delete or modify enterprise audit logs; the number of administrators with access to audit logs is limited.

Theme: Process

Type: Detective

Policy/Standard: Logging & Monitoring Standard

>Implementation Guidance

1. Ensure that Organization's Logging Standard includes logging requirements for critical system activity to mandate log forwarding and storage in a central repository.
2. Establish a process for periodic review of whether administrators' access to the SIEM tool is appropriate.
3. Ensure that only a defined list of users is allowed to delete or modify SIEM logs.

>Testing Procedure

1. Inspect Organization's Logging Standard to determine whether logging requirements are defined for critical system activity to mandate log forwarding and storage in a central repository.
2. Inspect the list of SIEM tool administrators and validate that their access is appropriate.
3. Validate the list of users allowed to delete or modify SIEM tool logs and ensure it is restricted.

>Audit Artifacts

E-SM-01
E-SM-04

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
