Register severity level
Summary
The system must register the severity level for each exceptional and security event.
Description
The system must implement a rigorous logging methodology. Event logging is a fundamental practice in information security and system monitoring. It enables organizations to prioritize actions, respond adequately to critical incidents, and maintain a comprehensive record of security events for analysis, reporting, and compliance purposes. Severity levels categorize the importance or impact of an event. They typically range, for example, from low to high, with each level indicating the urgency or criticality of the event.
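One way to meet and check this requirement, shown as an added example that is not part of the original page: a formatter that writes an explicit severity on every event, and an audit function that flags log records lacking a recognized one. The JSON field names, the accepted level set, and the sample log lines are assumptions constructed for illustration.

```python
import json
import logging

# Assumed policy: only the standard library's named levels count as a severity.
VALID_SEVERITIES = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}

class JsonSeverityFormatter(logging.Formatter):
    """Emit one JSON object per event, always carrying an explicit severity."""
    def format(self, record):
        return json.dumps({
            "time": self.formatTime(record),
            "severity": record.levelname,
            "event": getattr(record, "event", "unspecified"),
            "message": record.getMessage(),
        })

def audit_severity(lines):
    """Return (line_number, reason) for every record that violates the requirement."""
    findings = []
    for number, line in enumerate(lines, start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings.append((number, "not valid JSON"))
            continue
        severity = record.get("severity") if isinstance(record, dict) else None
        if severity is None:
            findings.append((number, "severity missing"))
        elif not isinstance(severity, str) or severity not in VALID_SEVERITIES:
            findings.append((number, f"unknown severity {severity!r}"))
    return findings

def emit_sample():
    """Format one security event and one exceptional event as the app would log them."""
    fmt, logger = JsonSeverityFormatter(), logging.getLogger("severity-demo")
    def make(level, message, event):
        return logger.makeRecord(logger.name, level, "demo.py", 0, message, (),
                                 None, extra={"event": event})
    return [fmt.format(make(logging.WARNING, "5 failed logins for alice", "auth.failure")),
            fmt.format(make(logging.ERROR, "unhandled exception in /export", "app.exception"))]

# Constructed sample log: two compliant records followed by three defective ones.
SAMPLE = emit_sample() + [
    '{"time": "2024-01-01 00:00:00", "event": "auth.failure", "message": "no level"}',
    '{"severity": "urgent-ish", "event": "acl.change", "message": "free-text level"}',
    "plain text line without structure",
]

if __name__ == "__main__":
    for number, reason in audit_severity(SAMPLE):
        print(f"line {number}: {reason}")
```

Running the audit over collected logs in a pipeline or a scheduled job shows which sources still emit events without a usable severity.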
References
- CIS-8_5. Collect detailed audit logs
- CWE-221. Information loss or omission
- CWE-223. Omission of security-relevant information
- CWE-778. Insufficient logging
- OWASP10-A9. Security logging and monitoring failures
- NYDFS-500_6. Audit trail
- NYDFS-500_5. Penetration testing and vulnerability assessments
- PDPA-6A_26D. Duty to notify occurrence of notifiable data breach
- CMMC-AU_L2-3_3_1. System audit
- CMMC-CA_L2-3_12_3. Security control monitoring
- CMMC-SI_L2-3_14_7. Identify unauthorized use
- HITRUST-09_aa. Audit logging
- HITRUST-13_s. Privacy monitoring and auditing
- FEDRAMP-AC-2_12. Account management - Account monitoring, atypical usage
- FEDRAMP-CA-2_2. Security assessment - Specialized assessments
- FEDRAMP-CA-7. Continuous monitoring
- ISO27002-8_16. Monitoring activities
- OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
- NISTSSDF-PO_5_1. Implement and maintain secure environments for software development
- ISSAF-F_5_1. Network security - Router security assessment (turn on logging)
- ISSAF-T_19_2. Web application assessment - Global Countermeasures (server-side)
- PTES-5_3_2. Vulnerability analysis - Traffic monitoring
- MVSP-2_7. Application design controls - Logging
- OWASPSCP-7. Error handling and logging
- BSAFSS-LO_1-3. Logging of all critical security incident and event information
- NIST800171-4_3. Track, review and log changes to organizational systems
- NIST800115-3_2. Log review
- SWIFTCSC-6_4. Logging and monitoring
- C2M2-2_1_j. Reduce cybersecurity vulnerabilities
- C2M2-5_2_d. Perform monitoring
- SIGLITE-SL_85. Operating system and application logs relevant to supporting incident investigation protected against modification, deletion, and/or inappropriate access?
- SIG-U_1_4. Server security
- ISO27001-8_16. Monitoring activities
- NIST-DE_CM-01. Networks and network services are monitored to find potentially adverse events
- NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
- NIST-DE_AE-02. Potentially adverse events are analyzed to better understand associated activities
Weaknesses
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan