Fluid Attacks Database

Summary

The organization must store logs, at least, from the ocurrency of the event on the system to the time stipulated by valid regulation for that specific system.

Description

The organization must take into account the regulations that apply to its systems. Different regulations and standards may have specific requirements for log retention periods.

References

CIS-8_5. Collect detailed audit logs
OWASP10-A9. Security logging and monitoring failures
CPRA-1798_104. Compliance with right to know and disclosure requirements
NYDFS-500_6. Audit trail
NYDFS-500_5. Penetration testing and vulnerability assessments
PADSS-4_1. Log all user access and be able to link all activities to individual users
PADSS-4_4. Facilitate centralized logging
PDPO-5_27. Log book to be kept by data user
CMMC-AC_L2-3_1_12. Control remote access
CMMC-AU_L2-3_3_1. System audit
HITRUST-01_p. Secure log-on procedures
HITRUST-06_c. Protection of organizational records
HITRUST-09_ab. Monitoring system use
HITRUST-13_s. Privacy monitoring and auditing
FEDRAMP-AU-3_2. Centralized management of planned audit record content
ISO27002-5_28. Collection of evidence
ISO27002-5_33. Protection of records
ISO27002-8_15. Logging
IEC62443-UC-2_9. Audit storage capacity
IEC62443-SI-3_9. Protection of audit information
OSSTMM3-9_17_2. Wireless security (alert and log review) - Storage and retrieval
OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
ISSAF-G_12. Network security - Firewalls (port redirection)
NIST800115-3_2. Log review
ASVS-7_1_2. Log content
C2M2-6_1_c. Detect cybersecurity events
ASVS-2_8_5. One time verifier
ISO27001-5_28. Collection of evidence
ISO27001-5_33. Protection of records
ISO27001-8_15. Logging
CASA-2_8_5. One Time Verifier
CASA-7_1_2. Log Content
RESOLSB-Art_26_11_g. Information Security
RESOLSB-Art_26_11_o. Information Security
RESOLSB-Art_27_17. Security in Electronic Channels
RESOLSB-Art_27_18. Security in Electronic Channels
NIST-PR_PS-04. Log records are generated and made available for continuous monitoring
NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
NIST-RS_AN-07. Incident data and metadata are collected, and their integrity and provenance are preserved

Weaknesses

400. Traceability Loss - AWS
402. Traceability Loss - Azure
419. Traceability Loss - Kubernetes

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.