The existing control relating to the centralised storage of web application event logs was merged into the existing control relating to collecting database-related web application event logs. [ISM-1536, ISM-1757]
Dec 2022
Web application event logs are stored centrally.
Existing controls relating to event logging were amended to increase clarity of intent and to reduce duplication of content. As a result, common guidance was consolidated into the event logging and monitoring section of the Guidelines for System Monitoring.
Dec 2022
Web application event logs are stored centrally.
Language from existing controls relating to ‘contractual arrangements’ was amended to ‘contractual arrangements with service providers’.
Mar 2022
Web application event logs are centrally stored and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected.
The approach to the management of event logs has been standardised to align with the Essential Eight Maturity Model. Furthermore, specific events to be logged, such as those related to databases, operating systems and web applications, have been moved to relevant guidelines.