LOG-02: Audit Logs Protection

Control Family:

Logging and Monitoring

Threats Addressed:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: IVS-01: Audit Logging / Intrusion Detection.

Control Statement

Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs.

Implementation Guidance

Log protection methodology should be applied in adherence to any applicable legal, statutory or regulatory compliance obligations. In the absence of those requirements, they should adhere to any standards established as appropriate for the business.

Auditing Guidance

  1. Examine the organization’s log retention requirements.
  2. Evaluate the policy and technical measures with respect to effectiveness.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.