8.9: Centralize Audit Logs
Centralize, to the extent possible, audit log collection and retention across enterprise assets.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 2.1: Establish and Maintain a Software Inventory
Inputs
GV27: Assets capable of supporting loggingGV5: Authorized software inventory
Operations
Use the software inventory
GV5to identify and enumerate log aggregating softwareGV28- For each asset capable of supporting logging, check if asset is covered by at least one log aggregating software
Identify and enumerate assets covered by at least one aggregating software (M2)
Identify and enumerate assets not covered by at least one aggregating software (M3)
Measures
M1 = Count of
GV27M2 = Count of assets covered by at least one aggregating software
M3 = Count of assets not covered by at least one aggregating software
Metrics
Log Aggregating
Metric |
The percentage of log producing assets covered by aggregating
software.
|
Calculation |
|