Register severity level

Summary

The system must register the severity level for each exceptional and security event.

Description

The system must implement a rigorous log methodology. Event logging is a fundamental practice in information security and system monitoring. It enables organizations to prioritize actions, respond adequately to critical incidents, and maintain a comprehensive record of security events for analysis, reporting, and even compliance purposes. Severity levels are used to categorize the importance or impact of an event. They typically go, for example, from low to high, with each level indicating the urgency or criticality of the event.

Supported In

This requirement is verified in following services

Plan	Supported
Essential	🟢
Advanced	🟢

References

• CIS-8_5. Collect detailed audit logs
• CWE™-221. Information loss or omission
• CWE™-223. Omission of security-relevant information
• CWE™-778. Insufficient logging
• OWASP TOP 10-A9. Security logging and monitoring failures
• NYDFS-500_6. Audit trail
• NYDFS-500_5. Penetration testing and vulnerability assessments
• PDPA-6A_26D. Duty to notify occurrence of notifiable data breach
• CMMC-AU_L2-3_3_1. System audit
• CMMC-CA_L2-3_12_3. Security control monitoring
• CMMC-SI_L2-3_14_7. Identify unauthorized use
• HITRUST CSF-09_aa. Audit logging
• HITRUST CSF-13_s. Privacy monitoring and auditing
• FedRAMP-AC-2_12. Account management - Account monitoring, atypical usage
• FedRAMP-CA-2_2. Security assessment - Specialized assessments
• FedRAMP-CA-7. Continuous monitoring
• ISO/IEC 27002-8_16. Monitoring activities
• OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
• NIST SSDF-PO_5_1. Implement and maintain secure environments for software development
• ISSAF-F_5_1. Network security - Router security assessment (turn on logging)
• ISSAF-T_19_2. Web application assessment - Global Countermeasures (server-side)
• PTES-5_3_2. Vulnerability analysis - Traffic monitoring
• MVSP-2_7. Application design controls - Logging
• OWASP SCP-7. Error handling and logging
• BSAFSS-LO_1-3. Logging of all critical security incident and event information
• NIST 800-171-4_3. Track, review and log changes to organizational systems
• NIST 800-115-3_2. Log review
• SWIFT CSCF-6_4. Logging and monitoring
• C2M2-2_1_j. Reduce cybersecurity vulnerabilities
• C2M2-5_2_d. Perform monitoring
• SIG Lite-SL_85. Operating system and application logs relevant to supporting incident investigation protected against modification, deletion, and/or inappropriate access?
• SIG Core-U_1_4. Server security
• ISO/IEC 27001-8_16. Monitoring activities
• NIST CSF-DE_CM-01. Networks and network services are monitored to find potentially adverse events
• NIST CSF-DE_CM-03. Personnel activity and technology usage are monitored to find potentially adverse events
• NIST CSF-DE_AE-02. Potentially adverse events are analyzed to better understand associated activities

Vulnerabilities

• 400. Traceability Loss - AWS
• 402. Traceability Loss - Azure
• 408. Traceability Loss - API Gateway
• 419. Traceability Loss - Kubernetes

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.