Use of log management system
Summary
The log management must be made by the operating system or by an external system separated from the application.
Description
Log management brings several benefits to an organization. The records of events or transactions can be valuable for troubleshooting, monitoring and security analysis. The requirement emphasizes the separation of log management from the application. This separation helps to ensure that log data is not compromised, tampered, or affected by issues within the application itself.
References
- CIS-8_5. Collect detailed audit logs
- OWASP10-A9. Security logging and monitoring failures
- CERTJ-SEC04-J. Protect sensitive operations with security manager checks
- NYDFS-500_7. Access privileges
- NYDFS-500_10. Cybersecurity personnel and intelligence
- NYDFS-500_16. Incident response plan
- PDPO-5_27. Log book to be kept by data user
- CMMC-AU_L2-3_3_1. System audit
- CMMC-AU_L2-3_3_9. Audit management
- CMMC-CM_L2-3_4_3. System change management
- CMMC-CA_L2-3_12_3. Security control monitoring
- HITRUST-01_p. Secure log-on procedures
- HITRUST-09_ab. Monitoring system use
- FEDRAMP-AU-3_2. Centralized management of planned audit record content
- FEDRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
- FEDRAMP-CA-7. Continuous monitoring
- ISO27002-5_35. Independent review of information security
- IEC62443-TRE-6_1. Audit log accessibility
- OSSTMM3-9_3_1. Wireless security (active detection verification) - Channel monitoring
- PTES-7_4_2_12. Post exploitation - Pillaging (monitoring and management)
- OWASPSCP-7. Error handling and logging
- NIST800171-3_8. Protect audit information and audit logging tools from unauthorized access, modification, and deletion
- OSAMM-OM. Operational Management
- ASVS-1_7_2. Errors, logging and auditing architecture
- SIG-M_1_14. End user device security
- SIG-U_1_9_8. Server security
- ASVS-7_2_2. Log processing
- ASVS-7_4_3. Error handling
- ASVS-8_1_4. General data protection
- ISO27001-5_35. Independent review of information security
- RESOLSB-Art_26_11_g. Information Security
- RESOLSB-Art_27_17. Security in Electronic Channels
- RESOLSB-Art_27_18. Security in Electronic Channels
- NIST-PR_PS-04. Log records are generated and made available for continuous monitoring
- NIST-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
Weaknesses
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan