control_freak | Controls | SA-15(13)

Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.

Parameter ID	Definition
sa-15.13_odp.01	secure logging format(s)
sa-15.13_odp.02	events types to log
sa-15.13_odp.03	level of detail to log

Baselines

Guidance

In support of better incident response and the ability to more quickly reconstruct security-related actions, identifying specific requirements for secure logging facilitates the ability to connect application-produced audit event logs with operational data. Event types are consistent with the event types defined in AU-02.

Related controls 5

AU-02 Event Logging L M H P
AU-03 Content of Audit Records L M H P
IR-04 Incident Handling L M H P
IR-08 Incident Response Plan L M H P
SA-05 System Documentation L M H P

SA-15(13) Logging Syntax

Baselines

Guidance

Related controls 5