Avoid excessive logging
Summary
The system must not register unnecessary information when logging exceptional events.
Description
While event logging is generally a good security practice, the organization must consider that using high logging levels is only appropriate for development environments, since having too much log information in production stages may hinder the performance of a system administrator in detecting abnormal conditions. This may imply that both the attacker and the attack be able to remain hidden while trying to penetrate the system, the audit trail in a forensic analysis be reduced, or the debugging of issues in production environments be hindered.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CWE™-779. Logging of excessive data
- NYDFS-500_6. Audit trail
- MITRE ATT&CK®-M1047. Audit
- CMMC-AU_L2-3_3_3. Event review
- HITRUST CSF-09_h. Capacity management
- HITRUST CSF-09_ab. Monitoring system use
- FedRAMP-AU-12_3. Audit regeneration - Changes by authorized individuals
- ISO/IEC 27002-8_25. Secure development lifecycle
- LGPD-18_IV. Data Subjects Rights
- ISA/IEC 62443-UC-2_9. Audit storage capacity
- OSSTMM3-11_9_3. Data networks security - Limitations mapping
- NIST 800-171-3_6. Provide audit record reduction
- NIST 800-115-3_2. Log review
- OWASP ASVS-7_1_4. Log content
- SIG Core-U_1_4. Server security
- ISO/IEC 27001-8_25. Secure development lifecycle
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.