MON-03—Content of Event Logs

Weight: 10

>Control Description

Mechanisms exist to configure Technology Assets, Applications and/or Services (TAAS) to produce event logs that contain sufficient information to, at a minimum: (1) Establish what type of event occurred; (2) When (date and time) the event occurred; (3) Where the event occurred; (4) The source of the event; (5) The outcome (success or failure) of the event; and (6) The identity of any user/subject associated with the event.

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

NIST CSF 2.0

PCI DSS v4.0.1

CIS Controls v8

SOC 2 TSC

CMMC v2.0

NIST SP 800-171

FedRAMP Rev 5

Canada ITSP 10.171

OSFI B-13

Australia Essential Eight

Australia ISM

India SEBI Guidelines

New Zealand HISF

New Zealand HISF Suppliers

Spain ENS

UK CAF

UK DEF STAN 05-138

SOC 2 TSC (Detailed)

CIS Controls v8.1 (Detailed)

GovRAMP

ISO 27002:2022

NAIC Model Law 668

NIST SP 800-161

NIST SP 800-171 Rev 3

NIST SP 800-171A Rev 3

NIST SP 800-171A

FBI CJIS

DHS TIC 3.0

CISA SSDAF

DoD Zero Trust Roadmap

Executive Order 14028

HIPAA Simplification 2013

NERC CIP

NY DFS 23 NYCRR 500

Ask AI