Report on the percentage of systems for which event and activity logs are monitored and reviewed in accordance with policy

Status: Live

The organization will report on the percentage of systems for which event and activity logs are monitored and reviewed in accordance with policy. [UCF ID 02103]

Metric guidance

Calculation: The calculation for this metric is # of systems for which event and activity logs are monitored and reviewed in accordance with policy / # of IT systems.

Calculation source: No authority document source of information exists. The following formula was used: the number of systems whose security administrators monitor and review event and activity logs in accordance with policies, standards, and procedures divided by the number of systems listed in the CMDB for each business unit (or the organization as a whole) .

The Common Control IDs associated with this metric are as follows:

Supporting and supported controls

This control directly supports:

    Establish and maintain an event and activity logging and monitoring metrics management program [UCF Control ID 02078]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE22.2; Performance Measurement Guide for Information Security, NIST 800-55 Rev. 1, Revision 1, App A Measure 5; Guide for Developing Performance Metrics for Information Security, NIST SP 800-80, Table 7

US Federal Security Guidance

The organization must measure and report on the percentage of systems for which event and activity logs are monitored and reviewed in accordance with policy. [ISPE22.2, CISWG Information Security Program Elements, January 10,2005]

NIST Guidance

The calculation for this metric should be stated as the # of times logs are reviewed for inappropriate activity during the reporting period / # of days in the reporting period. Use the number of days in the reporting period as the base number divided by the number of times that the activity and event logs are reviewed for inappropriate activity. [App A Measure 5, Performance Measurement Guide for Information Security, NIST 800-55 Rev. 1, Revision 1]

This metric must be calculated using # of systems for which event and activity logs are monitored and reviewed in accordance with policy / # of IT systems [Table 7, Guide for Developing Performance Metrics for Information Security, NIST SP 800-80]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.