[ISN] NIST releases standards for security logs
InfoSec News
isn at c4i.org
Mon May 1 01:42:15 EDT 2006
http://www.fcw.com/article94229-04-28-06-Web
By Wade-Hahn Chan
Apr. 28, 2006
The National Institute of Standards and Technology released technical
guidelines on how federal agencies should manage security logs. The
guidelines cover log generation, transmission, storage, analysis and
disposal.
The guidelines, NIST Special Publication 800-92: Guide to Computer
Security Log Management [1], include suggestions for creating a log
management policy, prioritizing log files and creating a centralized
log management infrastructure to include all hardware, software,
networks and media.
The 64-page document notes that agencies must deal with larger
quantities, volumes and varieties of security logs. They also must
comply with a growing number of legislative requirements such as the
Federal Information Security Management Act and the Health Insurance
Portability and Accountability Act.
[1] http://csrc.ncsl.nist.gov/publications/drafts/DRAFT-SP800-92.pdf
More information about the ISN
mailing list