When to use this
Use this checklist to review whether logs are protected against unauthorized modification, deletion, redirection, shutdown, and overwrite.
Related controls
Checklist
- Logs are sent to protected storage where feasible.
- Source-system administrators cannot silently alter or delete logs.
- Logging configuration changes require authorization.
- Log deletion requires authorization and creates a record.
- Logging shutdown or redirection is controlled.
- Log overwrite generates alert before loss.
- Time synchronization is sufficient for investigation.
- Log access is reviewed.
Findings table
| Log source | Protection control | Gap | Action owner | Due date |
|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Logging
- Access review
Note Metadata
Aliases: Log Tamper Protection Checklist
Source: 90 Templates/Log Integrity and Access Review Checklist.md
Related Notes
- ISO 27001 A.5.28 - Collection of Evidence
- A.8.15 Audit Evidence Pack
- ISO 27001 A.8.15 - Logging
- ISO 27001 A.8.2 - Privileged Access Rights
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.15 Audit Checklist
- Templates MOC