LOG: Logging and Monitoring

Controls

LOG-02: Audit Logs Protection

Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs.

LOG-03: Security Monitoring and Alerting

Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics.

LOG-05: Audit Logs Monitoring and Response

Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies.

LOG-07: Logging Scope

Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment.

LOG-09: Log Protection

The information system protects audit records from unauthorized access, modification, and deletion.

LOG-10: Encryption Monitoring and Reporting

Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls.

LOG-13: Failures and Anomalies Reporting

Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party.