Audit/log records are determined, documented, implemented, and reviewed in accordance with policy from Cybersecurity Fundamentals framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Maturity Level 1

Maturity Level 2

Maturity Level 3

PR.PR-1.1

PR.PR-1.1: Logs shall be maintained, documented, and reviewed.

Ensure the activity logging functionality of protection / detection hardware or software (e.g. firewalls, anti-virus) is enabled.
Logs should be backed up and saved for a predefined period.
The logs should be reviewed for any unusual or unwanted trends, such as a large use of social media websites or an unusual number of viruses consistently found on a particular computer. These trends may indicate a more serious problem or signal the need for stronger protections in a particular area.

Description

Logs shall be maintained, documented, and reviewed.

PR.PR-1.2

PR.PR-1.2: The organization shall ensure that the log records include an authoritative time source or internal clock time stamp that are compared and synchronized to an authoritative time source.

Authoritative time sources include for example, an internal Network Time Protocol (NTP) server, radio clock, atomic clock, GPS time source.

Description

The organization shall ensure that the log records include an authoritative time source or internal clock time stamp that are compared and synchronized to an authoritative time source.

PR.PR-1.3

PR.PR-1.3: The organization shall ensure that audit processing failures on the organization's systems generate alerts and trigger defined responses.

The use of System Logging Protocol (Syslog) servers can be considered.

Description

The organization shall ensure that audit processing failures on the organization's systems generate alerts and trigger defined responses.

PR.PR-1.4

PR.PR-1.4: The organization shall enable authorized individuals to extend audit capabilities when required by events.

Description

The organization shall enable authorized individuals to extend audit capabilities when required by events.