Highlights of IS.011 Logging and Event Monitoring Standard
The Massachusetts Executive Office of Technology Services and Security's IS.011 Logging and Event Monitoring Standard establishes requirements for security monitoring and event management to detect unauthorized activities on Commonwealth information systems. This standard defines the following related controls and acceptable practices:
- Audit requirements for user activities, exceptions and information security events.
- Logging activities and actions required to resolve system fault errors.
- Guidelines for the frequency of reviewing audit logs.
- Protection of audit logs through technical controls such as file permissions.
- Integration of suspicious audit events and investigation into incident response processes.
See the Enterprise Information Security Standards Self-Assessment Questionnaire [Excel] that can be used to track compliance with implementing these internal controls. Departments should expect to be audited on compliance with these internal controls.
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards, which must be included in a department’s Internal Control Plan, implemented, tested, and included in staff training. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive Departments that have not adopted comparable cyber and data security standards as part of their Internal Control Plan.