Generate audit records containing relevant security information.
Relevant security log information should include but is not limited to:
- The event type
- The event time
- The event location
- The event source
- The event outcome
- The identities of any individuals or systems associated with the event
- Examine policy related to audit logging and determine if it includes requirements to generate audit records containing relevant security information.
- Examine audit records and determine if they adequately reflect the policy.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.