The existing control relating to the centralised storage of break glass account event logs was merged into the existing control relating to collecting break glass account event logs. [ISM-1613, ISM-1715]
Dec 2022
Break glass event logs are stored centrally.
Existing controls relating to event logging were amended to increase clarity of intent and to reduce duplication of content. As a result, common guidance was consolidated into the event logging and monitoring section of the Guidelines for System Monitoring.
Dec 2021
Break glass event logs are centrally stored and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.
The terminology used for logging and monitoring both unprivileged access and break glass access has been aligned with the terminology used for logging and monitoring privileged access within the Essential Eight Maturity Model.