Register severity level
Summary
The system must register the severity level for each exceptional and security event.
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CIS-8_5. Collect detailed audit logs
- CWE™-221. Information loss or omission
- CWE™-223. Omission of security-relevant information
- CWE™-778. Insufficient logging
- OWASP TOP 10-A9. Security logging and monitoring failures
- NIST Framework-DE_AE-2. Detected events are analyzed to understand attack targets and methods
- NIST Framework-DE_CM-1. The network is monitored to detect potential cybersecurity events
- NYDFS-500_6. Audit trail
- NYDFS-500_5. Penetration testing and vulnerability assessments
- PDPA-6A_26D. Duty to notify occurrence of notifiable data breach
- CMMC-AU_L2-3_3_1. System audit
- CMMC-CA_L2-3_12_3. Security control monitoring
- CMMC-SI_L2-3_14_7. Identify unauthorized use
- HITRUST CSF-09_aa. Audit logging
- HITRUST CSF-13_s. Privacy monitoring and auditing
- FedRAMP-AC-2_12. Account management - Account monitoring, atypical usage
- FedRAMP-CA-2_2. Security assessment - Specialized assessments
- FedRAMP-CA-7. Continuous monitoring
- ISO/IEC 27002-8_16. Monitoring activities
- OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
- NIST SSDF-PO_5_1. Implement and maintain secure environments for software development
- ISSAF-F_5_1. Network security - Router security assessment (turn on logging)
- ISSAF-T_19_2. Web application assessment - Global Countermeasures (server-side)
- PTES-5_3_2. Vulnerability analysis - Traffic monitoring
- MVSP-2_7. Application design controls - Logging
- OWASP SCP-7. Error handling and logging
- BSAFSS-LO_1-3. Logging of all critical security incident and event information
- NIST 800-171-4_3. Track, review and log changes to organizational systems
- NIST 800-115-3_2. Log review
- SWIFT CSCF-6_4. Logging and monitoring
- C2M2-2_1_j. Reduce cybersecurity vulnerabilities
- C2M2-5_2_d. Perform monitoring
- SIG Lite-SL_85. Operating system and application logs relevant to supporting incident investigation protected against modification, deletion, and/or inappropriate access?
- SIG Core-U_1_4. Server security
- OWASP API Security Top 10-API10. Insufficient Logging & Monitoring
- ISO/IEC 27001-8_16. Monitoring activities
Vulnerabilities
- 400. Traceability Loss - AWS
- 402. Traceability Loss - Azure
- 408. Traceability Loss - API Gateway
- 419. Traceability Loss - Kubernetes