The Logging and Event Monitoring Standard establishes requirements for security monitoring and event management to detect unauthorized activities on Commonwealth information systems. This standard defines the following related controls and acceptable practices:
- Audit requirements for user activities, exceptions and information security events.
- Logging activities and actions required to resolve system fault errors.
- Guidelines for the frequency of reviewing audit logs.
- Protection of audit logs through technical controls such as file permissions.
- Integration of suspicious audit events and investigation into incident response processes.