Prevent log modification
Summary
System logs must not allow modifications or alterations.
Description
Logs are used to analyze a system's behavior. They help detect errors and suspicious activity, and often hold very sensitive information. Therefore, they should be protected so that no unauthorized actor can modify them, since this could prevent a vulnerability or a breach from being noticed in a timely manner.
References
- CAPEC-161. Infrastructure manipulation
- OWASP10-A1. Broken access control
- CERTJ-IDS03-J. Do not log unsanitized user input
- PADSS-5_2_8. Improper access controls
- CMMC-AC_L2-3_1_7. Privileged functions
- CMMC-AU_L2-3_3_8. Audit protection
- HITRUST-06_c. Protection of organizational records
- HITRUST-09_ab. Monitoring system use
- HITRUST-09_ac. Protection of log information
- FEDRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
- FEDRAMP-CA-7. Continuous monitoring
- ISO27002-5_33. Protection of records
- ISO27002-8_15. Logging
- IEC62443-SI-3_9. Protection of audit information
- OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
- ISSAF-H_14_7. Network security - Intrusion detection (detection engine)
- ISSAF-S_5_4. Web server security - Countermeasures (enable logging and do periodic analysis)
- PTES-7_4_2_12. Post exploitation - Pillaging (monitoring and management)
- BSAFSS-LO_2-2. Implement securely logging mechanisms
- NIST800171-3_8. Protect audit information and audit logging tools from unauthorized access, modification, and deletion
- ASVS-7_3_3. Log protection
- PCI-10_3_2. Audit logs are protected from destruction and unauthorized modifications
- SIGLITE-SL_85. Operating system and application logs relevant to supporting incident investigation protected against modification, deletion, and/or inappropriate access?
- SIG-M_1_14. End user device security
- SIG-U_1_4_2. Server security
- SIG-U_1_9_9. Server security
- ASVS-7_3_1. Log protection
- ISO27001-5_33. Protection of records
- ISO27001-8_15. Logging
- CASA-7_3_1. Log Protection
- CASA-7_3_3. Log Protection
- RESOLSB-Art_26_11_g. Information Security
- NIST-DE_AE-02. Potentially adverse events are analyzed to better understand associated activities
- NIST-RS_AN-07. Incident data and metadata are collected, and their integrity and provenance are preserved
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan