8.5: Collect Detailed Audit Logs
Threats Addressed:
Previous Version:
- Critical Security Controls Version 7.1:
- 6.3: Enable Detailed Logging
Incorporates the following controls from the previous version: 4.8: Log and Alert on Changes to Administrative Group Membership, 4.9: Log and Alert on Unsuccessful Administrative Account Login, 16.12: Monitor Attempts to Access Deactivated Accounts.
Control Statement
Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]