NIST Special Publication 800-92 explained

NIST Special Publication 800-92, "Guide to Computer Security Log Management", establishes guidelines and recommendations for securing and managing sensitive log data. The publication was prepared by Karen Kent and Murugiah Souppaya of the National Institute of Science and Technology and published under the SP 800-Series;[1] a repository of best practices for the InfoSec community. Log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time.

Background

Effective security event logging and log analysis is a critical component of any comprehensive security program within an organization. It is used to monitor system, network and application activity. It serves as a deterrent for unauthorized activity, as well as provides a means to detect and analyze an attack in order to allow the organization to mitigate or prevent similar attacks in the future. However, security professionals have a significant challenge to determine what events must be logged, where and how long to retain those logs, and how to analyze the enormous amount of information that can be generated. A deficiency in any of these areas can cause an organization to miss signs of unauthorized activity, intrusion, and loss of data, which creates additional risk.[2]

Scope

NIST SP 800-92 provides a high-level overview and guidance for the planning, development and implementation of an effective security log management strategy. The intended audience for this publication include the general information security (InfoSec) community involved in incident response, system/application/network administration and managers.[3]

NIST SP 800-92 defines a log management infrastructure as having 4 major functions:[4]

NIST SP 800-92 address the following security log management challenges:

NIST SP 800-92 makes the following recommendations for security log management:[5]

Compliance

The following federal regulations require the proper handling and storage of sensitive log data:

External links

Notes and References

  1. Web site: NIST Publications. NIST Computer Security Resource Center. NIST. 26 February 2015.
  2. Butler. Vincent. Dorsey. Tom. Robinson. Ken. Building a Logging Strategy for Effective Analysis. August 3, 2014. 3. Report - Penn State University.
  3. Kent. Karen. Souppaya. Murugiah. Guide to Computer Security Log Management. NIST Sp 800-92. 2006. ES-1,1-1. 10.6028/NIST.SP.800-92. 221183642 . 26 February 2015.
  4. Kent. Karen. Souppaya. Murugiah. Guide to Computer Security Log Management. NIST Sp 800-92. 2006. 3-3,3-4. 10.6028/NIST.SP.800-92. 221183642 . 26 February 2015.
  5. Web site: Radack. Shirley. Editor. ITL.NIST.gov. NIST. 26 February 2015.
  6. Web site: Summary of HIPAA Security Rule. Summary of the HIPAA Security Rule. 20 November 2009. Health and Human Services. 26 February 2015.
  7. Web site: Sarbanes-Oxley Act of 2002. A Guide to the Sarbanes-Oxley Act. Addison-Hewitt.
  8. Web site: Gramm-Leach-Bliley Act (Privacy of Consumer Financial Information. FDIC.gov. FDIC. 26 February 2015.
  9. Payment Card Industry Data Security Standard. Security Standards Council. 2013. 3. 26 February 2015.