Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment.
Examples of events that should be logged include:
- Successful and unsuccessful account login events
- Account management events
- Object access
- Policy change
- Privilege functions
- Process tracking and system events
- All administrator activity
- Authentication checks
- Authorization checks
- Data deletions
- Data access
- Data changes
- Permission changes
- Examine policy for the identification of loggable events, applications, or systems.
- Examine the outputs of such identification, with respect to review and approval.
- Examine scope for evidence of review at least annually.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.