LOG-05: Audit Logs Monitoring and Response

Control Family:

Logging and Monitoring

PF v1.0 References:

Control is new to this version of the control set.

Control Statement

Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies.

Implementation Guidance

Failure response capabilities should be in place. Also, consider infrastructure layers (e.g., network, container orchestration, hypervisor, endpoint, control plane, and data plane). Monitor failures and alerts should they occur.

Auditing Guidance

  1. Examine policy for the monitoring of audit logs.
  2. Determine if policy and patterns have been established for anomalous activities.
  3. Examine policy for the review of, and timely action on, anomalies.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.