Defines the requirements and provides the authority for the information security team to conduct audits and risk assessments to ensure integrity of information/resources, to investigate incidents, to ensure conformance to security policies, or to monitor user/system activity where appropriate.
In July 2006, SANS held its first-ever Log Management Summit. One issue identified at the Summit is that it is difficult to ensure that all information systems generate appropriate audit logs and that those audit logs can be integrated with an enterprise's log management function.
This document attempts to address this issue by identifying specific requirements that information systems must meet in order to generate appropriate audit logs and integrate with an enterprise's log management function.
The intention is that this language can easily be adapted for use in enterprise IT security policies and standards, and also in enterprise procurement standards and RFP templates. In this way, organizations can ensure that new IT systems, whether developed in-house or procured, support necessary audit logging and log management functions.