Record exact occurrence time of events
Summary
The system must log the exact occurrence time (date, hour, seconds, milliseconds and time zone) for each exceptional and security event.
Description
Event logs must contain the exact time of occurrence in order to allow backtracking in an investigation.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CIS-8_5. Collect detailed audit logs
- OWASP TOP 10-A9. Security logging and monitoring failures
- SOC2®-P6_2. Additional criteria for privacy (related to disclosure and notification)
- SOC2®-P6_3. Additional criteria for privacy (related to disclosure and notification)
- NIST Framework-DE_AE-2. Detected events are analyzed to understand attack targets and methods
- NYDFS-500_2. Cybersecurity program
- NYDFS-500_14. Training and monitoring
- PA-DSS-4_2_7. Creation and deletion of system-level objects
- PA-DSS-4_3. Payment application's audit log settings and audit log output
- CMMC-AU_L2-3_3_2. User accountability
- CMMC-AU_L2-3_3_7. Authoritative time source
- CMMC-CA_L2-3_12_3. Security control monitoring
- CMMC-SI_L2-3_14_7. Identify unauthorized use
- HITRUST CSF-09_aa. Audit logging
- HITRUST CSF-09_ad. Administrator and operator logs
- HITRUST CSF-09_af. Clock synchronization
- HITRUST CSF-13_s. Privacy monitoring and auditing
- FedRAMP-AU-8. Time stamps
- FedRAMP-CA-7. Continuous monitoring
- ISA/IEC 62443-UC-2_11. Timestamps
- OWASP SCP-7. Error handling and logging
- BSAFSS-LO_1-3. Logging of all critical security incident and event information
- NIST 800-171-3_7. Synchronizes internal system clocks with an authoritative source to generate time stamps for audit records
- SWIFT CSCF-6_4. Logging and monitoring
- OWASP ASVS-7_3_4. Log protection
- C2M2-5_2_c. Perform monitoring
- OWASP ASVS-7_4_2. Error handling
- CASA-9_2_5. Server Communication Security
- Resolution SB 2021 2126-Art_26_11_g. Information Security
- Resolution SB 2021 2126-Art_27_17. Security in Electronic Channels
Vulnerabilities
free trial
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.