Monitoring, Logging, and Auditing¶

Related SP 800-53 Controls: SI-11

Terms: Persistently

The configuration of machine-based information resources, especially infrastructure as code, is persistently evaluated and tested.

Related SP 800-53 Controls: CA-07, CM-02, CM-06, SI-07 (07)

Terms: Information Resource, Machine-Based (Information Resources), Persistently

A list of information resources and event types that will be logged, monitored, and audited is maintained and persistently reviewed to ensure these activities occur.

Related SP 800-53 Controls: AC-02 (04), AC-06 (09), AC-17 (01), AC-20 (01), AU-02, AU-07 (01), AU-12, SI-04 (04), SI-04 (05), SI-07 (07)

Terms: Information Resource, Persistently

A Security Information and Event Management (SIEM) or similar system(s) is used and persistently reviewed for centralized, tamper-resistant logging of events, activities, and changes.

Related SP 800-53 Controls: AC-17 (01), AC-20 (01), AU-02, AU-03, AU-03 (01), AU-04, AU-05, AU-06 (01), AU-06 (03), AU-07, AU-07 (01), AU-08, AU-09, AU-11, IR-04 (01), SI-04 (02), SI-04 (04), SI-07 (07)

Terms: Persistently

Logs are persistently reviewed and audited.

Related SP 800-53 Controls: AC-02 (04), AC-06 (09), AU-02, AU-06, AU-06 (01), SI-04, SI-04 (04)

Terms: Persistently