13.1: Centralize Security Event Alerting
Previous Version:
- Critical Security Controls Version 7.1:
- 6.6: Deploy SIEM or Log Analytic Tools
Control Statement
Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]