Monitoring, Logging, and Auditing

A secure cloud service offering will monitor, log, and audit all important events, activity, and changes.

Authorizing Log Access

KSI-MLA-ALA

Former ID: KSI-MLA-08

Changelog:

  • 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

Optional: Use a least-privileged, role and attribute-based, and just-in-time access authorization model for access to log data based on organizationally defined data sensitivity.

Use a least-privileged, role and attribute-based, and just-in-time access authorization model for access to log data based on organizationally defined data sensitivity.

Related SP 800-53 Controls: SI-11

Evaluating Configurations

KSI-MLA-EVC

Former ID: KSI-MLA-05

Changelog:

  • 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

Persistently evaluate and test the configuration of machine-based information resources, especially infrastructure as code.

Related SP 800-53 Controls: CA-7, CM-2, CM-6, SI-7.7


Terms: Information Resource, Machine-Based (information resources), Persistently

Logging Event Types

KSI-MLA-LET

Former ID: KSI-MLA-07

Changelog:

  • 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

Maintain a list of information resources and event types that will be logged, monitored, and audited, then do so.

Related SP 800-53 Controls: AC-2.4, AC-6.9, AC-17.1, AC-20.1, AU-2, AU-7.1, AU-12, SI-4.4, SI-4.5, SI-7.7


Terms: Information Resource

Operating SIEM Capability

KSI-MLA-OSM

Former ID: KSI-MLA-01

Changelog:

  • 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

Operate a Security Information and Event Management (SIEM) or similar system(s) for centralized, tamper-resistant logging of events, activities, and changes.

Related SP 800-53 Controls: AC-17.1, AC-20.1, AU-2, AU-3, AU-3.1, AU-4, AU-5, AU-6.1, AU-6.3, AU-7, AU-7.1, AU-8, AU-9, AU-11, IR-4.1, SI-4.2, SI-4.4, SI-7.7

Reviewing Logs

KSI-MLA-RVL

Former ID: KSI-MLA-02

Changelog:

  • 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

Persistently review and audit logs.

Related SP 800-53 Controls: AC-2.4, AC-6.9, AU-2, AU-6, AU-6.1, SI-4, SI-4.4


Terms: Persistently