Report on the percentage of systems for which event and activity logging has been implemented in accordance with policy.

UCF ID: 02102

Control Type: Actionable Reports or measurements

Status: Live

Metric guidance

Calculation: The calculation for this metric is # of systems that log user actions / # of IT systems.

Calculation source: The authority document source of information is NIST 800-55, Critical Element 17.1. The following formula was used: the number of systems that log user actions in accordance with policies, standards, and procedures divided by the number of systems listed in the CMDB for each business unit (or the organization as a whole) .

The Common Control IDs associated with this metric are as follows:

Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. [UCF Control ID 00638]

Record detailed information in the audit trails for events that can be identified by type, location, or subject. [UCF Control ID 00639]

Establish and maintain standards and procedures for collecting and interpreting logs. [UCF Control ID 00643]

Configure and enable logging on the firewall. [UCF Control ID 01963]

Establish and maintain an organizational framework of policies, standards, and procedures. [UCF Control ID 01406]

Supporting and supported controls

This control directly supports:

Establish and maintain an event and activity logging and monitoring management metrics program. [UCF Control ID 02078]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE22.1

US Federal Security Guidance

The organization must measure and report on the percentage of systems for which event and activity logging has been implemented in accordance with policy. [ISPE22.1, CISWG Information Security Program Elements, January 10,2005]