8.2: Collect Audit Logs
Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.
Asset Type | Security Function | Implementation Groups |
---|---|---|
Network | Detect | 1, 2, 3 |
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process
Safeguard 8.1: Establish and Maintain an Audit Log Management Process
Inputs
- GV1: Enterprise asset inventory
- GV3: Configuration standards
- GV26: Enterprise’s audit log management process
Operations
1. Use GV1 to identify and enumerate assets capable of supporting logging, GV27 (M1)
2. Use GV26 and GV3 as guides to determine whether each asset identified in Operation 1 is configured to log events as outlined by the enterprise’s process
   1. Identify and enumerate assets properly configured to log events per the process (M2)
   2. Identify and enumerate assets not properly configured to log events per the process (M3)
Measures
M1 = Count of assets capable of supporting logging
M2 = Count of properly configured assets to log events per the audit log management process
M3 = Count of assets not properly configured to log events per the audit log management process
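
The operations and measures above, worked through as an added example (not part of the original specification). The inventory records, field names, and required settings are constructed stand-ins for GV1, GV3, and GV26. Treating a logging-capable asset with no applicable standard as not properly configured is an assumption of this example.

```python
# Constructed stand-in for GV3/GV26: settings each asset type must have
# for its logging to conform to the audit log management process.
REQUIRED = {
    "firewall": {"logging_enabled": True, "remote_syslog": True},
    "switch": {"logging_enabled": True, "remote_syslog": True},
    "server": {"logging_enabled": True, "auth_events": True},
}

# Constructed stand-in for GV1 (enterprise asset inventory) with observed config.
INVENTORY = [
    {"id": "fw-01", "type": "firewall", "supports_logging": True,
     "config": {"logging_enabled": True, "remote_syslog": True}},
    {"id": "sw-01", "type": "switch", "supports_logging": True,
     "config": {"logging_enabled": True, "remote_syslog": False}},
    {"id": "srv-01", "type": "server", "supports_logging": True, "config": {}},
    {"id": "hub-01", "type": "hub", "supports_logging": False, "config": {}},
    {"id": "cam-01", "type": "camera", "supports_logging": True,
     "config": {"logging_enabled": True}},
]


def gaps(asset, standards):
    """Return the list of deviations from the standard for one asset."""
    required = standards.get(asset["type"])
    if required is None:
        # Assumption: conformance cannot be shown without a standard.
        return ["no configuration standard for type " + asset["type"]]
    observed = asset.get("config", {})
    return [f"{key}: expected {want!r}, found {observed.get(key)!r}"
            for key, want in sorted(required.items())
            if observed.get(key) != want]


def assess(inventory, standards):
    """Operations 1 and 2: derive GV27, then M1, M2, and M3."""
    capable = [a for a in inventory if a.get("supports_logging")]  # GV27
    findings = {a["id"]: gaps(a, standards) for a in capable}
    compliant = sorted(i for i, g in findings.items() if not g)
    noncompliant = {i: g for i, g in findings.items() if g}
    return {"M1": len(capable), "M2": len(compliant), "M3": len(noncompliant),
            "compliant": compliant, "noncompliant": noncompliant}


if __name__ == "__main__":
    result = assess(INVENTORY, REQUIRED)
    print({k: result[k] for k in ("M1", "M2", "M3")})
    for asset_id, problems in result["noncompliant"].items():
        print(asset_id, problems)
```

The per-asset deviation list turns M3 into a remediation worklist rather than a bare count.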
Metrics
Coverage
Metric | The ratio of logging capable assets properly configured per the audit log management process. |
Calculation | |