Monitoring, Logging, and Auditing¶

Related SP 800-53 Controls: SI-11

Terms: Persistently

The configuration of machine-based information resources, especially infrastructure as code, is persistently evaluated and tested.

Related SP 800-53 Controls: CA-7, CM-2, CM-6, SI-7.7

Terms: Information Resource, Machine-Based (Information Resources), Persistently

A list of information resources and event types that will be logged, monitored, and audited is maintained and persistently reviewed to ensure these activities occur.

Related SP 800-53 Controls: AC-2.4, AC-6.9, AC-17.1, AC-20.1, AU-2, AU-7.1, AU-12, SI-4.4, SI-4.5, SI-7.7

Terms: Information Resource, Persistently

A Security Information and Event Management (SIEM) or similar system(s) is used and persistently reviewed for centralized, tamper-resistant logging of events, activities, and changes.

Related SP 800-53 Controls: AC-17.1, AC-20.1, AU-2, AU-3, AU-3.1, AU-4, AU-5, AU-6.1, AU-6.3, AU-7, AU-7.1, AU-8, AU-9, AU-11, IR-4.1, SI-4.2, SI-4.4, SI-7.7

Terms: Persistently

Logs are persistently reviewed and audited.

Related SP 800-53 Controls: AC-2.4, AC-6.9, AU-2, AU-6, AU-6.1, SI-4, SI-4.4

Terms: Persistently