LOG-07: Logging Scope

Control Family:

Logging and Monitoring

CSF v1.1 References:

Info icon.

Control is new to this version of the control set.

Control Statement

Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment.

Implementation Guidance

Examples of events that should be logged include:

  1. Successful and unsuccessful account login events
  2. Account management events
  3. Object access
  4. Policy change
  5. Privilege functions
  6. Process tracking and system events
  7. All administrator activity
  8. Authentication checks
  9. Authorization checks
  10. Data deletions
  11. Data access
  12. Data changes
  13. Permission changes

Auditing Guidance

  1. Examine policy for the identification of loggable events, applications, or systems.
  2. Examine the outputs of such identification, with respect to review and approval.
  3. Examine scope for evidence of review at least annually.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.