PR.PS-04: Log records are generated and made available for continuous monitoring

Info icon.

Subcategory is new to this version of the framework and incorporates the following item from the previous version: PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Configure all operating systems, applications, and services (including cloud-based services) to generate log records

Ex2: Configure log generators to securely share their logs with the organization's logging infrastructure systems and services

Ex3: Configure log generators to record the data needed by zero-trust architectures