NIST releases standards for security logs
- By Wade-Hahn Chan
- Apr 28, 2006
"Guide to Security Log Management"
The National Institute of Standards and Technology released technical guidelines on how federal agencies should manage security logs. The guidelines cover log generation, transmission, storage, analysis and disposal.
The guidelines, NIST Special Publication 800-92: Guide to Computer Security Log Management, include suggestions for creating a log management policy, prioritizing log files and creating a centralized log management infrastructure to include all hardware, software, networks and media.
The 64-page document notes that agencies must deal with larger quantities, volumes and varieties of security logs. They also must comply with a growing number of legislative requirements such as the Federal Information Security Management Act and the Health Insurance Portability and Accountability Act.