Report on the percentage of systems for which event and activity logging has been implemented in accordance with policy

Status: Live

The organization will report on the percentage of systems for which event and activity logging has been implemented in accordance with policy. [UCF ID 02102]

Metric guidance

Calculation: The calculation for this metric is # of systems that log user actions / # of IT systems.

Calculation source: The authority document source of information is NIST 800-55, Critical Element 17.1. The following formula was used: the number of systems that log user actions in accordance with policies, standards, and procedures divided by the number of systems listed in the CMDB for each business unit (or the organization as a whole) .

The Common Control IDs associated with this metric are as follows:

Operationalizing key monitoring and logging concepts [UCF Control ID 00638]

Measurement [UCF Control ID 00639]

Monitoring thoroughness [UCF Control ID 00641]

Collection and interpretation of logs [UCF Control ID 00643]

Turn on and properly configure logging [UCF Control ID 01963]

Establish an organizational framework of policies, standards, and procedures [UCF Control ID 01406]

Supporting and supported controls

This control directly supports:

Establish and maintain an event and activity logging and monitoring metrics management program [UCF Control ID 02078]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE22.1; Security Metrics Guide for Information Technology Systems, NIST SP 800-55, July 2003, § A.17.1.1

US Federal Security Guidance

The organization must measure and report on the percentage of systems for which event and activity logging has been implemented in accordance with policy. [ISPE22.1, CISWG Information Security Program Elements, January 10,2005]

NIST Guidance

This metric must be calculated using # of systems that log user actions / # of IT systems.
Information Source: Use the number of systems listed in the CMDB for each business unit (or the organization as a whole) as the base number divided by the number of systems that log user actions in accordance with policies, standards, and procedures. [§ A.17.1.1, Security Metrics Guide for Information Technology Systems, NIST SP 800-55, July 2003]