-
-
Notifications
You must be signed in to change notification settings - Fork 664
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider making basic logging part of L1 #1419
Comments
First - it is hard to set levels, before we have not (re)defined levels. To change level to 1 for logging, we need to get rid of "blackbox pentestable" from level 1. And if we did, then I think 1.7.1 can be level 1 but I'm not that sure about 1.7.2. |
I tend to agree given the move towards shaping the levels based on risk. @elarlang to handle this as part of the V7 reorganization. 1.7.2 is definitely implementation requirement. 1.7.1 maybe needs to be part of the logging inventory/documentation requirement. |
Update:
|
I think this is redundant for now since things got moved around. I think we need to cut down L1 as much as possible so not sure logging will make it. I am going to push this to the draft stage. |
Why not make these level 1? Basic logging seems critical for all apps.
1.7.1 | Verify that a common logging format and approach is used across the system. (C9) | | ✓ | ✓ | 1009
1.7.2 | Verify that logs are securely transmitted to a preferably remote system for analysis, detection, alerting, and escalation. (C9) | | ✓ | ✓
#DanWasHere
The text was updated successfully, but these errors were encountered: