Summary

The system must not register unnecessary information when logging exceptional events.

Description

While event logging is generally a good security practice, the organization must consider that using high logging levels is only appropriate for development environments, since having too much log information in production stages may hinder the performance of a system administrator in detecting abnormal conditions. This may imply that both the attacker and the attack be able to remain hidden while trying to penetrate the system, the audit trail in a forensic analysis be reduced, or the debugging of issues in production environments be hindered.

Supported In

This requirement is verified in following services

References

• CWE™-779. Logging of excessive data
• NYDFS-500_6. Audit trail
• MITRE ATT&CK®-M1047. Audit
• CMMC-AU_L2-3_3_3. Event review
• HITRUST CSF-09_h. Capacity management
• HITRUST CSF-09_ab. Monitoring system use
• FedRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
• ISO/IEC 27002-8_25. Secure development lifecycle
• LGPD-18_IV. Data Subjects Rights
• ISA/IEC 62443-UC-2_9. Audit storage capacity
• OSSTMM3-11_9_3. Data networks security - Limitations mapping
• NIST 800-171-3_6. Provide audit record reduction
• NIST 800-115-3_2. Log review
• OWASP ASVS-7_1_4. Log content
• SIG Core-U_1_4. Server security
• ISO/IEC 27001-8_25. Secure development lifecycle

Vulnerabilities

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.