Log sensitive data access, including modification and disposal.
| Asset Type | Security Function | Implementation Groups |
|---|---|---|
| Data | Detect | 3 |
- Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
- Safeguard 2.1: Establish and Maintain a Software Inventory
- Safeguard 4.1: Establish and Maintain a Secure Configuration Process
GV5: Authorized software inventoryGV19: Enterprise assets storing sensitive dataGV3: Configuration Standards
- Using
GV3identify authorized logging software - For each asset in
GV19, use the output from Operation 1 - Identify and enumerate assets with logging software installed (M2)
- Identify and enumerate assets that do not have logging software installed (M3)
- For each asset in
- For logging software installed check configuration using
GV3 - Identify and enumerate software that is properly configured (M4)
- Identify and enumerate software that is improperly configured (M5)
- For logging software installed check configuration using
- M1 = Count of
GV19 - M2 = Count of assets storing sensitive data with logging software
- M3 = Count of assets storing sensitive data without logging software
- M4 = Count of assets with properly configured logging
- M5 = Count of assets with imporperly configured logging
| Metric | The percentage of properly configured logging on assets storing |
sensitive data. |
| Calculation | M4 / M1 |