vovatronics.blogg.se

Record IT-related incidents for enterprise

Recent incidents have underscored how important it is for organizations to generate, safeguard, and retain logs of their system and network events, both to improve incident detection and to aid in incident response and recovery activities. Logs that are retained for an extended period of time may be the only record an organization has of what occurred during an incident to identify root cause.

NIST is in the process of revising NIST Special Publication (SP) 800-92, Guide to Computer Security Log Management. The SP 800-92 revisions will be informed by the August 2021 OMB Memorandum M-21-31, "Improving the Federal Government's Investigative and Remediation Capabilities Related to Cybersecurity Incidents," which addresses requirements in Section 8 of Executive Order (EO) 14028.

The current version (September 2006) of SP 800-92 seeks to assist organizations in understanding the need for sound computer security log management. It defines important log management concepts and explores the challenges involved in log management at the enterprise level. It provides recommendations for planning log management, such as defining roles and responsibilities and creating feasible logging policies. The publication presents log management technologies at a high level, and it is not a guide to implementing or using log management technologies.

The revised SP 800-92 will focus on log management principles, processes, procedures, and planning for organizations. It will contain updated information and recommendations, particularly to help organizations prepare to detect, respond to, and recover from cybersecurity incidents in a mix of on-premises and cloud-based environments. Examples of what the recommendations will include are:

Scope of log information: which types of logs or log information should be generated and retained.
Log retention: how long logs and other relevant data should be retained.
Log protection: what technical methods should be used to protect the integrity, provenance, and confidentiality of logs.
Log management practices: what log management practices organizations should follow (for example, centralizing logs and integrating them with their SOC).
Information sharing: how log information sharing with external incident response organizations and law enforcement should be safeguarded

Ensuring incidents are managed in accordance with NIST stages of incident.
incidents within the enterprise in accordance with recovery action plans.

To resolve a problem record and the incidents that are associated with it.

In the Service Manager console, select Work Items.
In the Work Items pane, expand Problem Management, and select Active Problems.
In the Active Problems view, double-click the problem record that you want to resolve.