377 – Store logs based on valid regulation

Summary

The organization must store logs, at least, from the ocurrency of the event on the system to the time stipulated by valid regulation for that specific system.

Description

The organization must take into account the regulations that apply to its systems. Different regulations and standards may have specific requirements for log retention periods.

Supported In

Essential: True

Advanced: True

References

• CIS-8_5. Collect detailed audit logs
• OWASP10-A9. Security logging and monitoring failures
• CPRA-1798_104. Compliance with right to know and disclosure requirements
• NYDFS-500_6. Audit trail
• NYDFS-500_5. Penetration testing and vulnerability assessments
• PADSS-4_1. Log all user access and be able to link all activities to individual users
• PADSS-4_4. Facilitate centralized logging
• PDPO-5_27. Log book to be kept by data user
• CMMC-AC_L2-3_1_12. Control remote access
• CMMC-AU_L2-3_3_1. System audit
• HITRUST-01_p. Secure log-on procedures
• HITRUST-06_c. Protection of organizational records
• HITRUST-09_ab. Monitoring system use
• HITRUST-13_s. Privacy monitoring and auditing
• FEDRAMP-AU-3_2. Centralized management of planned audit record content
• ISO27002-5_28. Collection of evidence
• ISO27002-5_33. Protection of records
• ISO27002-8_15. Logging
• IEC62443-UC-2_9. Audit storage capacity
• IEC62443-SI-3_9. Protection of audit information
• OSSTMM3-9_17_2. Wireless security (alert and log review) - Storage and retrieval
• OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
• ISSAF-G_12. Network security - Firewalls (port redirection)
• NIST800115-3_2. Log review
• ASVS-7_1_2. Log content
• C2M2-6_1_c. Detect cybersecurity events
• ASVS-2_8_5. One time verifier
• ISO27001-5_28. Collection of evidence
• ISO27001-5_33. Protection of records
• ISO27001-8_15. Logging
• CASA-2_8_5. One Time Verifier
• CASA-7_1_2. Log Content
• RESOLSB-Art_26_11_g. Information Security
• RESOLSB-Art_26_11_o. Information Security
• RESOLSB-Art_27_17. Security in Electronic Channels
• RESOLSB-Art_27_18. Security in Electronic Channels
• NIST-PR_PS-04. Log records are generated and made available for continuous monitoring
• NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
• NIST-RS_AN-07. Incident data and metadata are collected, and their integrity and provenance are preserved

Weaknesses

• 400 – Traceability Loss - AWS
• 402 – Traceability Loss - Azure
• 419 – Traceability Loss - Kubernetes

Last updated

2024/03/05