Maintenance, Monitoring, and Analysis of Audit Logs

CIS Control 6

This is a basic Control

Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.

CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls.

Why is this CIS Control critical?

Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible.

Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files.

Main Points:
  • Ensure that local logging has been enabled on all systems and networking devices.
  • Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.
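
One way to check both main points at once is to compare the asset inventory with what the central log management system has actually received. The script below is an added example, not part of the CIS Controls; the host names, timestamps, the 24-hour silence threshold and all function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: an asset inventory and the (host, timestamp) pairs
# exported from a hypothetical central log management system.
INVENTORY = ["web01", "db01", "fw-edge", "sw-core", "hr-laptop7"]
CENTRAL_EVENTS = [
    ("web01", "2024-03-04T11:58:00+00:00"),
    ("web01", "2024-03-04T11:59:30+00:00"),
    ("db01", "2024-03-01T03:12:00+00:00"),
    ("fw-edge", "2024-03-04T11:40:00+00:00"),
    ("build-tmp", "2024-03-04T10:00:00+00:00"),
]
SAMPLE_NOW = datetime(2024, 3, 4, 12, 0, tzinfo=timezone.utc)

def last_seen(events):
    """Return {host: newest event time} from (host, ISO-8601 timestamp) pairs."""
    newest = {}
    for host, stamp in events:
        host, when = host.lower(), datetime.fromisoformat(stamp)
        if host not in newest or when > newest[host]:
            newest[host] = when
    return newest

def audit_coverage(inventory, events, now, max_silence_hours=24):
    """Classify each inventoried asset by whether its logs reach the central store."""
    newest = last_seen(events)
    known = {h.lower() for h in inventory}
    report = {"ok": [], "stale": [], "missing": [], "unknown_source": []}
    for host in sorted(known):
        if host not in newest:
            report["missing"].append(host)   # nothing ever arrived centrally
        elif now - newest[host] > timedelta(hours=max_silence_hours):
            report["stale"].append(host)     # logging or forwarding has stopped
        else:
            report["ok"].append(host)
    # Sources that send logs but are absent from the inventory need review too.
    report["unknown_source"] = sorted(set(newest) - known)
    return report

if __name__ == "__main__":
    for status, hosts in audit_coverage(INVENTORY, CENTRAL_EVENTS, SAMPLE_NOW).items():
        print(f"{status:15} {', '.join(hosts) or '-'}")
```

Hosts reported as missing or stale are the ones where local logging or forwarding needs to be fixed first, since an intrusion there would leave no record in the central store.
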

Want to implement this basic Control?

Download the CIS Controls for more details on implementing this and the other 19 Controls.

Download all
CIS Controls v7.1 (PDF)