Requirement
Resource Custodians must maintain, monitor, and analyze security audit logs for covered devices.
Description of Risk
Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.
Recommendations
Regular log collection is critical to understanding the nature of security incidents, both during an active investigation and in post-mortem analysis. Logs are also useful for establishing...