CIS Control 6

CIS Control 6: Maintenance, Monitoring and Analysis of Audit Logs

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

6.1: Utilize Three Synchronized Time Sources

  • Maintain documented security configuration standards for all authorized operating systems and software.

6.2: Activate Audit Logging

  • Ensure that local logging has been enabled on all systems and networking devices.

6.3: Enable Detailed Logging

  • Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.

6.4: Ensure Adequate Storage for Logs

  • Ensure that all systems that store logs have adequate storage space for the logs generated.

6.5: Central Log Management

  • Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

6.6: Deploy SIEM or Log Analytic Tools

  • Deploy Security Information and Event Management (SIEM) or log analytic tools for log correlation and analysis.

6.7: Regularly Review Logs

  • On a regular basis, review logs to identify anomalies or abnormal events.

6.8: Regularly Tune SIEM

  • On a regular basis, tune your SIEM system to better identify actionable events and decrease event noise.

Figure: System Entity Relationship Diagram

CIS Control 5
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.