8.5: Collect Detailed Audit Logs
Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.
Asset Type | Security Function | Implementation Groups
---|---|---
Network | Detect | 2, 3
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Inputs
- GV18: Enterprise assets storing, processing, and transmitting sensitive data
- GV26: Enterprise's audit log management process
- GV3: Configuration standards
Operations
- Review GV26 for detailed logging requirements such as event source, date, username, timestamp, source addresses, and destination addresses. For each detailed logging requirement included, assign a value of 1. Sum all requirements included. (M2)
- For each asset in GV18, check configurations using GV3 as a guide.
  - Identify and enumerate assets properly configured to collect detailed logging requirements (M3)
  - Identify and enumerate assets not properly configured to collect detailed logging requirements (M4)
Measures
M1 = Count of assets capable of supporting logging (GV27)
M2 = Count of detailed logging requirements included in log management process
M3 = Count of assets properly configured to collect detailed logs
M4 = Count of assets not properly configured to collect detailed logs
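The following Python script is an added worked example of scoring the two operations above; it is not part of the CIS measures page. It assumes GV26 and GV3 can be reduced to one list of required log elements, models each GV18 asset by the fields its audit configuration actually emits (all asset names and field sets are constructed sample data), and derives M2, M3 and M4. The coverage ratio M3 / (M3 + M4) is an assumption, since the Metrics section is not reproduced on this page.

```python
# Added worked example for Safeguard 8.5 measures (not CIS's own tooling).
# All inputs below are constructed sample data, not real configurations.
from __future__ import annotations
from dataclasses import dataclass, field

# Stand-in for GV26/GV3: the detailed logging elements the audit log
# management process and configuration standard require (constructed).
AUDIT_LOG_PROCESS_REQUIREMENTS = [
    "event_source", "date", "username", "timestamp",
    "source_address", "destination_address",
]


@dataclass
class Asset:
    """One GV18 entry. `logged_fields` is what the asset's current audit
    configuration emits, as read from its config during the review."""
    name: str
    logged_fields: set[str] = field(default_factory=set)


# Stand-in for GV18: constructed inventory of assets handling sensitive data.
SENSITIVE_ASSETS = [
    Asset("db-prod-01", {"event_source", "date", "username", "timestamp",
                         "source_address", "destination_address"}),
    Asset("fileshare-02", {"event_source", "date", "username", "timestamp"}),
    Asset("api-gw-03", {"event_source", "date", "timestamp", "username",
                        "source_address", "destination_address"}),
    Asset("legacy-app-04", set()),   # audit logging never configured
]


def count_requirements(process_requirements: list[str]) -> int:
    """Operation 1: one point per detailed logging requirement present (M2)."""
    return len(set(process_requirements))


def missing_fields(asset: Asset, required: list[str]) -> list[str]:
    """Required elements the asset's configuration does not log."""
    return sorted(set(required) - asset.logged_fields)


def classify_assets(assets: list[Asset], required: list[str]):
    """Operation 2: split GV18 into properly configured (M3) and not properly
    configured (M4) assets. Returns (configured, not_configured) name lists."""
    configured, not_configured = [], []
    for asset in assets:
        target = configured if not missing_fields(asset, required) else not_configured
        target.append(asset.name)
    return configured, not_configured


def score(assets: list[Asset], process_requirements: list[str]) -> dict:
    """Compute M2, M3, M4 and a per-asset gap report for remediation."""
    configured, not_configured = classify_assets(assets, process_requirements)
    m2 = count_requirements(process_requirements)
    m3, m4 = len(configured), len(not_configured)
    # Coverage ratio is an assumption; the Metrics section is not on the page.
    coverage = m3 / (m3 + m4) if (m3 + m4) else 0.0
    gaps = {a.name: missing_fields(a, process_requirements)
            for a in assets if a.name in not_configured}
    return {"M2": m2, "M3": m3, "M4": m4, "coverage": coverage, "gaps": gaps}


if __name__ == "__main__":
    result = score(SENSITIVE_ASSETS, AUDIT_LOG_PROCESS_REQUIREMENTS)
    print(f"M2={result['M2']} M3={result['M3']} M4={result['M4']} "
          f"coverage={result['coverage']:.0%}")
    for name, missing in result["gaps"].items():
        print(f"  {name}: missing {', '.join(missing)}")
```

The gap report is the part an assessor actually hands to asset owners: an asset counts toward M4 as soon as one required element is absent, so the list of missing fields per asset is what turns the metric into a remediation task.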