Logging and Monitoring
(Back)
Objective
Enable logging for the cloud environment and for cloud-based workloads.
Applicable Service Models
IaaS, PaaS, SaaS
Mandatory Requirements
| Activity | Validation |
|---|---|
| <ul><li>Implement adequate level of logging and reporting, including a security audit log function in all information systems.</li></ul> | <ul><li>Confirm policy for event logging is implemented.</li><li>Confirm that the following logs are included: <ul><li>Sign-in logs (interactive and non-interactive sign-ins, API sign-ins)</li><li>Access privilege and group changes (including group membership and group privilege assignment)</li><li>Changes in configuration of the cloud platform</li><li>Cloud resource provisioning activities.</li></ul></li></ul> |
| <ul><li>Configure events within the solution to support security monitoring, in accordance with the GC Event Logging Guidance.</li></ul> | <ul><li>Confirm whether monitoring and auditing is implemented for all users.</li></ul> |
| <ul><li>Ensure that the appropriate contact information is configured so that the cloud service provider can notify the GC organization of incidents they detect.</li></ul> | <ul><li>Confirm that the security contact record within the account should be completed with the details of at least two appropriate information security personnel (if multiple personnel are permitted by the cloud platform).</li></ul> |
| <ul><li>Configure an appropriate time zone for the audit records generated by your solution components.</li></ul> | <ul><li>Confirm that the appropriate time zone has been set.</li></ul> |
| <ul><li>Ensure that resources are assigned to monitor cloud-based events</li></ul> | <ul><li>Demonstrate that the monitoring use cases for the cloud platform have been implemented and have been integrated with the overall security monitoring activities being performed by the department (evidence could include monitoring a checklist or a system generated report).</li></ul> |
Additional Considerations
None
References
- Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) 2017-01, subsection 6.3.1
- Cyber Centre’s top 10 IT security actions, numbers 1, 5 and 8
- Event Logging Guidance
- Guidance on Defence in Depth for Cloud-Based Services (ITSP.50.104), subsection 4.8
Related security controls from ITSG-33
AU‑12, SI-4, SI-4(7)
Page details
- Date modified: