Application control event logs including the name of the file, the date/time stamp and the username of the user associated with the event.
Topic
Application control
Applicable to
all
History
Priority
recommended
Mar 2022
Removed
The recommendation to capture specific details of event logs associated with application control (ISM-0957) was rescinded due to significant overlap with existing event logging recommendations (ISM-0585).
Apr 2020
Application control is configured to generate event logs for failed execution attempts, including information such as the name of the blocked file, the date/time stamp and the username of the user attempting to execute the file.
Security controls 0843, 1490, 0955, 1471, 1392, 1544, 0846 and 0957 were modified to replace ‘application whitelisting’ with ‘application control’.
Mar 2020
Application whitelisting solutions are configured to generate event logs for failed execution attempts, including information such as the name of the blocked file, the date/time stamp and the username of the user attempting to execute the file.
2017
Application whitelisting solutions should be configured to generate event logs for failedexecution attempts, including information such as the name of the blocked file, the date/timestamp and the username of the user attempting to execute the file.
Control Text Changed. No public explaination.
2015
Agencies should configure application whitelisting solutions to generate event logs for failedexecution attempts including information such as the name of the blocked file, the date/timestamp and the username of the user attempting to execute the file.
2010
It is recommended that logs from the application whitelisting implementation include all relevant information.