LOG-04: Audit Logs Access and Accountability

Control Family:

Logging and Monitoring

CSF v1.1 References:

PF v1.0 References:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: IVS-01: Audit Logging / Intrusion Detection.

Control Statement

Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability.

Implementation Guidance

Audit logs should track access to aid upon detection of suspicious activity and contain sufficient data to support investigative needs for security breaches. Access to all audit logs should be restricted based on need-to-know and least privilege principles. Additionally, monitor all relevant actions taken. In the case of unintended or unauthorized actions, alerts should occur.

Auditing Guidance

  1. Examine policy related to the protection of log information.
  2. Determine if the control requirements stipulated in the policy have been implemented.
  3. Examine policy related to the maintenance of access records.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.