322 – Avoid excessive logging

Summary

The system must not register unnecessary information when logging exceptional events.

Description

While event logging is generally a good security practice, the organization must consider that using high logging levels is only appropriate for development environments, since having too much log information in production stages may hinder the performance of a system administrator in detecting abnormal conditions. This may imply that both the attacker and the attack be able to remain hidden while trying to penetrate the system, the audit trail in a forensic analysis be reduced, or the debugging of issues in production environments be hindered.

Supported In

Advanced: True

References

• CWE-779. Logging of excessive data
• NYDFS-500_6. Audit trail
• MITRE-M1047. Audit
• CMMC-AU_L2-3_3_3. Event review
• HITRUST-09_h. Capacity management
• HITRUST-09_ab. Monitoring system use
• FEDRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
• ISO27002-8_25. Secure development lifecycle
• LGPD-18_IV. Data Subjects Rights
• IEC62443-UC-2_9. Audit storage capacity
• OSSTMM3-11_9_3. Data networks security - Limitations mapping
• NIST800171-3_6. Provide audit record reduction
• NIST800115-3_2. Log review
• ASVS-7_1_4. Log content
• SIG-U_1_4. Server security
• ISO27001-8_25. Secure development lifecycle

Last updated

2023/09/18