Audit Log Management

Ensure that logging destinations maintain adequate storage to comply with the enterprise’s audit log management process.


Audit Log Management

Standardize time synchronization. Configure at least two synchronized time sources across enterprise assets, where supported.


Audit Log Management

Configure detailed audit logging for enterprise assets containing sensitive data. Include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.


Audit Log Management

Collect DNS query audit logs on enterprise assets, where appropriate and supported.


Audit Log Management

Collect URL request audit logs on enterprise assets, where appropriate and supported.


Audit Log Management

Collect command-line audit logs. Example implementations include collecting audit logs from PowerShell®, BASH™, and remote administrative terminals.


Audit Log Management

Centralize, to the extent possible, audit log collection and retention across enterprise assets.


Email and Web Browser Protections

Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.


Email and Web Browser Protections

Use DNS filtering services on all enterprise assets to block access to known malicious domains.


Email and Web Browser Protections

Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.

