RA-5(8): Review Historic Audit Logs

Control Family:

Risk Assessment

Parent Control:

RA-5: Vulnerability Monitoring and Scanning

CSF v1.1 References:

ID.RA-1
PR.IP-12
DE.AE-2
DE.CM-8
DE.DP-4
DE.DP-5
RS.AN-1
RS.MI-3

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
RA-5(8): Review Historic Audit Logs

Control Statement

Review historic audit logs to determine if a vulnerability identified in a [Assignment: organization-defined system] has been previously exploited within an [Assignment: organization-defined time period].

Supplemental Guidance

Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5