378 – Use of log management system

Summary

The log management must be made by the operating system or by an external system separated from the application.

Description

Log management brings several benefits to an organization. The records of events or transactions can be valuable for troubleshooting, monitoring and security analysis. The requirement emphasizes the separation of log management from the application. This separation helps to ensure that log data is not compromised, tampered, or affected by issues within the application itself.

Supported In

Essential: True

Advanced: True

References

• CIS-8_5. Collect detailed audit logs
• OWASP10-A9. Security logging and monitoring failures
• CERTJ-SEC04-J. Protect sensitive operations with security manager checks
• NYDFS-500_7. Access privileges
• NYDFS-500_10. Cybersecurity personnel and intelligence
• NYDFS-500_16. Incident response plan
• PDPO-5_27. Log book to be kept by data user
• CMMC-AU_L2-3_3_1. System audit
• CMMC-AU_L2-3_3_9. Audit management
• CMMC-CM_L2-3_4_3. System change management
• CMMC-CA_L2-3_12_3. Security control monitoring
• HITRUST-01_p. Secure log-on procedures
• HITRUST-09_ab. Monitoring system use
• FEDRAMP-AU-3_2. Centralized management of planned audit record content
• FEDRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
• FEDRAMP-CA-7. Continuous monitoring
• ISO27002-5_35. Independent review of information security
• IEC62443-TRE-6_1. Audit log accessibility
• OSSTMM3-9_3_1. Wireless security (active detection verification) - Channel monitoring
• PTES-7_4_2_12. Post exploitation - Pillaging (monitoring and management)
• OWASPSCP-7. Error handling and logging
• NIST800171-3_8. Protect audit information and audit logging tools from unauthorized access, modification, and deletion
• OSAMM-OM. Operational Management
• ASVS-1_7_2. Errors, logging and auditing architecture
• SIG-M_1_14. End user device security
• SIG-U_1_9_8. Server security
• ASVS-7_2_2. Log processing
• ASVS-7_4_3. Error handling
• ASVS-8_1_4. General data protection
• ISO27001-5_35. Independent review of information security
• RESOLSB-Art_26_11_g. Information Security
• RESOLSB-Art_27_17. Security in Electronic Channels
• RESOLSB-Art_27_18. Security in Electronic Channels
• NIST-PR_PS-04. Log records are generated and made available for continuous monitoring
• NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events

Weaknesses

• 400 – Traceability Loss - AWS
• 402 – Traceability Loss - Azure
• 419 – Traceability Loss - Kubernetes

Last updated

2024/03/05