Summary

The log management must be made by the operating system or by an external system separated from the application.

Description

Log management brings several benefits to an organization. The records of events or transactions can be valuable for troubleshooting, monitoring and security analysis.
The requirement emphasizes the separation of log management from the application. This separation helps to ensure that log data is not compromised, tampered, or affected by issues within the application itself.

Supported In

This requirement is verified in following services

References

• CIS-8_5. Collect detailed audit logs
• OWASP TOP 10-A9. Security logging and monitoring failures
• CERT-J-SEC04-J. Protect sensitive operations with security manager checks
• NYDFS-500_7. Access privileges
• NYDFS-500_10. Cybersecurity personnel and intelligence
• NYDFS-500_16. Incident response plan
• PDPO-5_27. Log book to be kept by data user
• CMMC-AU_L2-3_3_1. System audit
• CMMC-AU_L2-3_3_9. Audit management
• CMMC-CM_L2-3_4_3. System change management
• CMMC-CA_L2-3_12_3. Security control monitoring
• HITRUST CSF-01_p. Secure log-on procedures
• HITRUST CSF-09_ab. Monitoring system use
• FedRAMP-AU-3_2. Centralized management of planned audit record content
• FedRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
• FedRAMP-CA-7. Continuous monitoring
• ISO/IEC 27002-5_35. Independent review of information security
• ISA/IEC 62443-TRE-6_1. Audit log accessibility
• OSSTMM3-9_3_1. Wireless security (active detection verification) - Channel monitoring
• PTES-7_4_2_12. Post exploitation - Pillaging (monitoring and management)
• OWASP SCP-7. Error handling and logging
• NIST 800-171-3_8. Protect audit information and audit logging tools from unauthorized access, modification, and deletion
• OWASP SAMM-OM. Operational Management
• OWASP ASVS-1_7_2. Errors, logging and auditing architecture
• SIG Core-M_1_14. End user device security
• SIG Core-U_1_9_8. Server security
• OWASP ASVS-7_2_2. Log processing
• OWASP ASVS-7_4_3. Error handling
• OWASP ASVS-8_1_4. General data protection
• ISO/IEC 27001-5_35. Independent review of information security
• Resolution SB 2021 2126-Art_26_11_g. Information Security
• Resolution SB 2021 2126-Art_27_17. Security in Electronic Channels
• Resolution SB 2021 2126-Art_27_18. Security in Electronic Channels
• NIST CSF-PR_PS-04. Log records are generated and made available for continuous monitoring
• NIST CSF-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events

Vulnerabilities

• 400.Traceability Loss - AWS
• 402.Traceability Loss - Azure
• 419.Traceability Loss - Kubernetes

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.