Summary

The system must log the exact occurrence time (date, hour, seconds, milliseconds and time zone) for each exceptional and security event.

Description

Event logs must contain the exact time of occurrence in order to allow backtracking in an investigation.

References

• CIS-8_5. Collect detailed audit logs
• OWASP10-A9. Security logging and monitoring failures
• SOC2-P6_2. Additional criteria for privacy (related to disclosure and notification)
• SOC2-P6_3. Additional criteria for privacy (related to disclosure and notification)
• NYDFS-500_2. Cybersecurity program
• NYDFS-500_14. Training and monitoring
• PADSS-4_2_7. Creation and deletion of system-level objects
• PADSS-4_3. Payment application's audit log settings and audit log output
• CMMC-AU_L2-3_3_2. User accountability
• CMMC-AU_L2-3_3_7. Authoritative time source
• CMMC-CA_L2-3_12_3. Security control monitoring
• CMMC-SI_L2-3_14_7. Identify unauthorized use
• HITRUST-09_aa. Audit logging
• HITRUST-09_ad. Administrator and operator logs
• HITRUST-09_af. Clock synchronization
• HITRUST-13_s. Privacy monitoring and auditing
• FEDRAMP-AU-8. Time stamps
• FEDRAMP-CA-7. Continuous monitoring
• IEC62443-UC-2_11. Timestamps
• OWASPSCP-7. Error handling and logging
• BSAFSS-LO_1-3. Logging of all critical security incident and event information
• NIST800171-3_7. Synchronizes internal system clocks with an authoritative source to generate time stamps for audit records
• SWIFTCSC-6_4. Logging and monitoring
• ASVS-7_3_4. Log protection
• C2M2-5_2_c. Perform monitoring
• ASVS-7_4_2. Error handling
• CASA-9_2_5. Server Communication Security
• RESOLSB-Art_26_11_g. Information Security
• RESOLSB-Art_27_17. Security in Electronic Channels
• NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
• NIST-DE_AE-02. Potentially adverse events are analyzed to better understand associated activities

Weaknesses

• 408. Traceability Loss - API Gateway