8.3: Ensure Adequate Audit Log Storage

Ensure that logging destinations maintain adequate storage to comply with the enterprise’s audit log management process.

Asset Type	Security Function	Implementation Groups
Network	Protect	1, 2, 3

Dependencies

Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory

Inputs

GV27: Assets capable of supporting logging
GV26: Enterprise’s audit log management process

Assumptions

It is assumed that if the an asset is properly configured to meet the retention policy, that would include log rotation, maximum storage size, etc.

Operations

For each asset in GV27 collect the asset’s logging configuration
Compare the output of Operation 1 and the retention portion of G26
1. Identify and enumerate assets configured to comply with the retention portion of the process (M2)
2. Identify and enumerate assets not configured to comply with the retention portion of the process (M3)

Measures

M1 = Count of GV27 assets capable of supporting logging
M2 = Count of assets properly configured to meet retention requirements
M3 = Count of assets not properly configured to meet retention requirements

Metrics

Logging Storage Coverage

Read the Docs v: latest

Versions: latest; stable

Downloads

On Read the Docs: Project Home; Builds