UnixTime

Research Note

Log Integrity and Access Review Checklist

Use this checklist to review whether logs are protected against unauthorized modification, deletion, redirection, shutdown, and overwrite.

On this page

When to use this

Use this checklist to review whether logs are protected against unauthorized modification, deletion, redirection, shutdown, and overwrite.

Checklist

  • Logs are sent to protected storage where feasible.
  • Source-system administrators cannot silently alter or delete logs.
  • Logging configuration changes require authorization.
  • Log deletion requires authorization and creates a record.
  • Logging shutdown or redirection is controlled.
  • Log overwrite generates alert before loss.
  • Time synchronization is sufficient for investigation.
  • Log access is reviewed.

Findings table

Log source Protection control Gap Action owner Due date
TBD TBD TBD TBD TBD