Logging and Monitoring Policy and Procedures from Cloud Controls Matrix framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Audit and Assurance
Application and Interface Security
Business Continuity Management and Operational Resilience
Change Management Policy and Procedures
People
Datacenter Security
Data Security and Privacy Lifecycle Management
Governance, Risk and Compliance
Human Resources
Identity and Access Management
Interoperability and Portability
Infrastructure and Virtualization Security
Logging and Monitoring
Security Incident Management, E-Discovery, and Cloud Forensics
Supply Chain Management, Transparency, and Accountability
Threat and Vulnerability Management
Universal Endpoint Management

LOG-01: Logging and Monitoring Policy and Procedures

Logging and Monitoring Policy and Procedures

LOG-01: Are logging and monitoring policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?

The policies and procedures should include considerations regarding:
a. The purpose, scope, roles, responsibilities, and coordination among organizational entities and training.
b. How are incidents handled during a security incident?
c. What information should be logged and monitored, and for how long?
d. Who is notified in the event of an incident?

Logging and monitoring policies and procedures should capture the following events:
c. Individual user accesses to systems.
d. Actions taken by any individual with root or administrative privileges.
e. Access to all audit logs should be restricted based on need-to-know and least privilege principles.
f. Invalid access attempts.
g. Changes, additions, or deletions to accounts with root or administrative privileges.
h. Use of and changes to identification and authentication mechanisms, including elevation of privilege.
i. Initializing, stopping, or pausing of the audit logs.
j. Creation and deletion of system-level objects.

Description

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually.

Logging and Monitoring Policy and Procedures

LOG-01: Are policies and procedures reviewed and updated at least annually?

Description

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually.