Unprivileged access event logs are stored centrally.
Topic
Unprivileged access to systems
Applicable to
all
History
Dec 2023
Removed
The existing control relating to the centralised storage of unprivileged access event logs was merged into the existing control relating to collecting unprivileged access event logs. [ISM-1566, ISM-1714]
Dec 2022
Unprivileged access event logs are stored centrally.
Existing controls relating to event logging were amended to increase clarity of intent and to reduce duplication of content. As a result, common guidance was consolidated into the event logging and monitoring section of the Guidelines for System Monitoring.
Dec 2021
Unprivileged access event logs are centrally stored and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.
The terminology used for logging and monitoring both unprivileged access and break glass access has been aligned with the terminology used for logging and monitoring privileged access within the Essential Eight Maturity Model.