Date Published: October 11, 2023
Comments Due:
Email Questions to:
Author(s)
Karen Scarfone (Scarfone Cybersecurity), Murugiah Souppaya (NIST)
Announcement
Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage and analysis for many purposes, including identifying and investigating cybersecurity incidents, finding operational issues, and ensuring that records are stored for the required period of time.
This document defines a playbook to help any organization plan improvements to its cybersecurity log management practices in support of regulatory requirements and recommended practices. While the playbook is not comprehensive, the listed plays are noteworthy and generally beneficial for cybersecurity log management planning by organizations.
NOTE: A call for patent claims is included on page iii of this document. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
A log is a record of events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments. Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage and analysis for many purposes, including identifying and investigating cybersecurity incidents, finding operational issues, and ensuring that records are stored for the required period of time. This document defines a playbook intended to help any organization plan improvements to its cybersecurity log management.
A log is a record of events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments. Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage...
See full abstract
A log is a record of events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments. Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage and analysis for many purposes, including identifying and investigating cybersecurity incidents, finding operational issues, and ensuring that records are stored for the required period of time. This document defines a playbook intended to help any organization plan improvements to its cybersecurity log management.
Hide full abstract
Keywords
auditing; cybersecurity artifacts; incident response; log management; logging; threat detection
Control Families
None selected
