3.14: Log Sensitive Data Access
Log sensitive data access, including modification and disposal.
Asset Type |
Security Function |
Implementation Groups |
---|---|---|
Data |
Detect |
3 |
Dependencies
Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safeguard 2.1: Establish and Maintain a Software Inventory
Safeguard 4.1: Establish and Maintain a Secure Configuration Process
Inputs
GV5
: Authorized software inventoryGV19
: Enterprise assets storing sensitive dataGV3
: Configuration Standards
Operations
Using
GV3
identify authorized logging software- For each asset in
GV19
, use the output from Operation 1 Identify and enumerate assets with logging software installed (M2)
Identify and enumerate assets that do not have logging software installed (M3)
- For each asset in
- For logging software installed check configuration using
GV3
Identify and enumerate software that is properly configured (M4)
Identify and enumerate software that is improperly configured (M5)
- For logging software installed check configuration using
Measures
M1 = Count of
GV19
M2 = Count of assets storing sensitive data with logging software
M3 = Count of assets storing sensitive data without logging software
M4 = Count of assets with properly configured logging
M5 = Count of assets with imporperly configured logging