LOG-13: Failures and Anomalies Reporting

Control Family:

Logging and Monitoring

CSF v1.1 References:

Control is new to this version of the control set and incorporates the following item from the previous version: SEF-03: Incident Reporting.

Control Statement

Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party.

Implementation Guidance

The organization should define which actions are taken depending on the type of logging and monitoring failure. Anomalies can include software errors, failures to capture some or all logs, failure to back up audit logs, or storage-exceeded notifications. This guidance should apply to all information system logs. Organizations must implement a process for the timely detection and reporting of failures of critical security control systems, such as (but not limited to):

  1. Firewalls
  2. Intrusion detection systems (IDS)/intrusion prevention systems (IPS)
  3. File integrity monitoring (FIM)
  4. Anti-virus
  5. Physical access controls
  6. Logical access controls
  7. Audit logging mechanisms

Auditing Guidance

  1. Examine the policy for reporting of anomalies and failures of the monitoring system.
  2. Examine the process for identifying accountable parties.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.