The existing control relating to the centralised storage of operating system event logs was merged into the existing control relating to collecting operating system event logs. [ISM-0582, ISM-1747]
Dec 2022
Operating system event logs are stored centrally.
Existing controls relating to event logging were amended to increase clarity of intent and to reduce duplication of content. As a result, common guidance was consolidated into the event logging and monitoring section of the Guidelines for System Monitoring.
Mar 2022
Operating system event logs are centrally stored and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.
The approach to the management of event logs has been standardised to align with the Essential Eight Maturity Model. Furthermore, specific events to be logged, such as those related to databases, operating systems and web applications, have been moved to relevant guidelines.