Store logs based on valid regulation
Summary
The organization must store logs, at least, from the ocurrency of the event on the system to the time stipulated by valid regulation for that specific system.
Description
The organization must take into account the regulations that apply to its systems. Different regulations and standards may have specific requirements for log retention periods.
References
- CIS-8_5. Collect detailed audit logs
- OWASP10-A9. Security logging and monitoring failures
- CPRA-1798_104. Compliance with right to know and disclosure requirements
- NYDFS-500_6. Audit trail
- NYDFS-500_5. Penetration testing and vulnerability assessments
- PADSS-4_1. Log all user access and be able to link all activities to individual users
- PADSS-4_4. Facilitate centralized logging
- PDPO-5_27. Log book to be kept by data user
- CMMC-AC_L2-3_1_12. Control remote access
- CMMC-AU_L2-3_3_1. System audit
- HITRUST-01_p. Secure log-on procedures
- HITRUST-06_c. Protection of organizational records
- HITRUST-09_ab. Monitoring system use
- HITRUST-13_s. Privacy monitoring and auditing
- FEDRAMP-AU-3_2. Centralized management of planned audit record content
- ISO27002-5_28. Collection of evidence
- ISO27002-5_33. Protection of records
- ISO27002-8_15. Logging
- IEC62443-UC-2_9. Audit storage capacity
- IEC62443-SI-3_9. Protection of audit information
- OSSTMM3-9_17_2. Wireless security (alert and log review) - Storage and retrieval
- OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
- ISSAF-G_12. Network security - Firewalls (port redirection)
- NIST800115-3_2. Log review
- ASVS-7_1_2. Log content
- C2M2-6_1_c. Detect cybersecurity events
- ASVS-2_8_5. One time verifier
- ISO27001-5_28. Collection of evidence
- ISO27001-5_33. Protection of records
- ISO27001-8_15. Logging
- CASA-2_8_5. One Time Verifier
- CASA-7_1_2. Log Content
- RESOLSB-Art_26_11_g. Information Security
- RESOLSB-Art_26_11_o. Information Security
- RESOLSB-Art_27_17. Security in Electronic Channels
- RESOLSB-Art_27_18. Security in Electronic Channels
- NIST-PR_PS-04. Log records are generated and made available for continuous monitoring
- NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
- NIST-RS_AN-07. Incident data and metadata are collected, and their integrity and provenance are preserved
Weaknesses
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan