Store logs based on valid regulation

Summary

The organization must store logs, at least, from the ocurrency of the event on the system to the time stipulated by valid regulation for that specific system.

Description

empty

Supported In

This requirement is verified in following services

Plan	Supported
Machine	🟢
Squad	🟢

References

• CIS-8_5. Collect detailed audit logs
• OWASP TOP 10-A9. Security logging and monitoring failures
• NIST Framework-PR_PT-1. Audit/log records are determined, documented, implemented and reviewed in accordance with policy
• CPRA-1798_104. Compliance with right to know and disclosure requirements
• NYDFS-500_6. Audit trail
• NYDFS-500_5. Penetration testing and vulnerability assessments
• PA-DSS-4_1. Log all user access and be able to link all activities to individual users
• PA-DSS-4_4. Facilitate centralized logging
• PDPO-5_27. Log book to be kept by data user
• CMMC-AC_L2-3_1_12. Control remote access
• CMMC-AU_L2-3_3_1. System audit
• HITRUST CSF-01_p. Secure log-on procedures
• HITRUST CSF-06_c. Protection of organizational records
• HITRUST CSF-09_ab. Monitoring system use
• HITRUST CSF-13_s. Privacy monitoring and auditing
• FedRAMP-AU-3_2. Centralized management of planned audit record content
• ISO/IEC 27002-5_28. Collection of evidence
• ISO/IEC 27002-5_33. Protection of records
• ISO/IEC 27002-8_15. Logging
• ISA/IEC 62443-UC-2_9. Audit storage capacity
• ISA/IEC 62443-SI-3_9. Protection of audit information
• OSSTMM3-9_17_2. Wireless security (alert and log review) - Storage and retrieval
• OSSTMM3-11_17_2. Data networks security (alert and log review) - Storage and retrieval
• ISSAF-G_12. Network security - Firewalls (port redirection)
• NIST 800-115-3_2. Log review
• OWASP ASVS-7_1_2. Log content
• C2M2-6_1_c. Detect cybersecurity events
• OWASP ASVS-2_8_5. One time verifier
• OWASP API Security Top 10-API10. Insufficient Logging & Monitoring
• ISO/IEC 27001-5_28. Collection of evidence
• ISO/IEC 27001-5_33. Protection of records
• ISO/IEC 27001-8_15. Logging
• CASA-2_8_5. One Time Verifier
• CASA-7_1_2. Log Content
• Resolution SB 2021 2126-Art_26_11_g. Information Security
• Resolution SB 2021 2126-Art_26_11_o. Information Security
• Resolution SB 2021 2126-Art_27_17. Security in Electronic Channels
• Resolution SB 2021 2126-Art_27_18. Security in Electronic Channels

Vulnerabilities

• 400. Traceability Loss - AWS
• 402. Traceability Loss - Azure
• 419. Traceability Loss - Kubernetes

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.