This is a potential security issue, you are being redirected to https://csrc.nist.gov.
NIST is in the process of revising NIST Special Publication (SP) 800-92, Guide to Computer Security Log Management. Recent incidents have underscored how important it is for organizations to generate, safeguard, and retain logs of their system and network events, both to improve incident detection and to aid in incident response and recovery activities. Logs that are retained for an extended period of time may be the only record an organization has of what occurred during an incident to identify root cause.
The current version (September 2006) of SP 800-92 seeks to assist organizations in understanding the need for sound computer security log management. It defines important log management concepts and explores the challenges involved in log management at the enterprise level. It provides recommendations for planning log management, such as defining roles and responsibilities and creating feasible logging policies.
The publication presents log management technologies at a high level, and it is not a guide to implementing or using log management technologies.
The revised SP 800-92 will focus on log management principles, processes, procedures, and planning for organizations. It will contain updated information and recommendations, particularly to help organizations prepare to detect, respond to, and recover from cybersecurity incidents in a mix of on-premises and cloud-based environments. Examples of what the recommendations will include are:
The SP 800-92 revisions will be informed by the August 2021 OMB Memorandum M-21-31, "Improving the Federal Government's Investigative and Remediation Capabilities Related to Cybersecurity Incidents," which addresses requirements in Section 8 of Executive Order (EO) 14028.
Your comments and suggestions for the Log Management project are always welcome. Contact us at firstname.lastname@example.org.