IAM-12: Safeguard Logs Integrity

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Control is new to this version of the control set.

Control Statement

Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.

Implementation Guidance

The organization should consider the following for the control's implementation:

  1. Logs should be stored in a centralized log management solution with separation of duties maintained by an independent team if possible.
  2. Logs should be integrated with a SIEM-type solution for real-time monitoring to raise alerts in case of any violation.

Auditing Guidance

  1. Determine if processes, procedures and technical measures are defined for log management.
  2. Determine if processes, procedures and technical measures for log management include the following two requirements:
     a. the logging infrastructure is read-only for all with write access, including privileged access roles.
     b. the ability to disable and/or modify logs is controlled following separation of duties and established break glass procedures.
  3. Evaluate if the processes, procedures and technical measures for log management are implemented and consistently followed in practice.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.