Follow

Log Review Compliance Coverage | Feature Education

Overview

Alert Logic® Log Review™ directly or indirectly addresses requirements for multiple regulations and industry security standards. The following list identifies how Log Review maps to the specific requirements, rules, or guidelines in some of the most popular standards. Details for each requirement or mandate are available from the respective regulatory or standards bodies.

Log Review Compliance Matrix

Requirement

SOX 404
(COBIT 5)

HIPAA
Subpart C

PCI DSS

ISO
27001/27002

Must provide a policy for Log Review DSS05.05 164.308(a)(1)(i) 10.6 5.1.1
6.1.1
Must provide a defined process for Log Review DSS05.02
DSS05.05
164.308(a)(1)(ii)(D) 10.2
10.3
10.6

12.4.1

Must review logs within a specified time period DSS05.02 164.308(a)(1)(ii)(D) 10.6.1 12.4.1
12.4.3
Review access events DSS05.07 164.308(a)(5)(ii)(C)
164.308(a)(6)(1)
10.2.2
10.2.4
9.4.2
9.4.4
12.4.1
12.4.3
Review change events DSS05.04 164.312(b) 10.2.2
10.2.5
10.2.7
9.2.1
9.2.2
9.2.3
12.4.1
12.4.3
Maintain logs and audit trail for extended durations    164.316(b)(2)(i) 10.7 12.4
16.1.7

Additional Standards Mappings

Mappings to the following specific requirements of other security standards are available upon request to the Alert Logic Customer Care team:

  • Control Objectives for Information and Related Technology (COBIT)
  • Federal Financial Institutions Examination Council (FFIEC)
  • North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP)
  • Federal Information Processing Standards (FIPS)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • National Institute of Standards and Technology (NIST)
  • International Guidance
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.