ISM-0987

History

Priority
recommended
Nov 2018
Removed
Removed due to a split of content into security controls 0582, 1536 and 1537.
2017
The events listed below should be logged:

Database
- Access to particularly sensitive information
- Addition of new users, especially privileged users
- Any query containing comments
- Any query containing multiple embedded queries
- Any query or database alerts or failures
- Attempts to elevate privileges
- Attempted access that is successful or unsuccessful
- Changes to the database structure
- Changes to user roles or database permissions
- Database administrator actions
- Database logons and logoffs
- Modifications to data
- Use of executable commands e.g. xp_cmdshell

Operating system
- Access to sensitive data and processes
- Application crashes including any error messages
- Attempts to use special privileges
- Changes to accounts
- Changes to security policy
- Changes to system configuration data
- DNS and HTTP requests
- Failed attempts to access data and system resources
- Service failures and restarts
- Successful and failed attempts to logon and logoff
- System startup and shutdown
- Transfer of data to external media
- User or group management
- Use of special privileges

Web application
- Attempted access that is denied
- Search queries initiated by users
- User access to a web application
- Web application crashes including any error messages

Event details
For each event logged, sufficient detail needs to be recorded in order for the logs to be useful when reviewed.
Control Text Changed. No public explanation.
2015
The events listed below should be logged.
2010
It is recommended agencies log the events listed in the table below for specific software components.