Database Logging Rule
This rule ensures database logging is enabled to maintain data security.
| Rule | Database logging should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Low |
Rule Description:
The rule requires enabling database logging for CISA Cyber Essentials. Enabling database logging helps in tracking and recording valuable information about activities and events occurring within the CISA Cyber Essentials database. It enhances security by providing an audit trail, facilitating troubleshooting, and aiding in the detection of any malicious activities.
Troubleshooting Steps:
If database logging is not enabled for CISA Cyber Essentials, follow these troubleshooting steps:
- 1.
Verify the Database Logging Settings:
- Check if the database logging feature is supported by the CISA Cyber Essentials software version.
- Ensure that the database logging option is available and configurable within the software settings.
- 2.
Enable Database Logging:
- If the database logging option is available, enable it by navigating to the settings or configuration section related to logging.
- Set the appropriate logging level based on the required level of detail and compliance requirements.
- Configure the destination database where the logs will be stored.
- 3.
Test Logging:
- Perform a test action within the CISA Cyber Essentials software to generate activity and verify if the logging is capturing the expected events.
- Review the database logs to ensure the logged information aligns with the expected outcome.
- 4.
Verify Log Retention Policy:
- Confirm that the log retention policy is appropriately configured to retain logs for a sufficient period.
- Ensure that logs are not overwritten or deleted prematurely, allowing for historical analysis and forensic investigations.
- 5.
Collaborate with IT and Security Teams:
- Involve relevant IT and security teams to ensure the proper configuration and monitoring of the database logging solution.
- Coordinate with the teams to align the database log format and retention periods with existing log management practices.
Necessary Codes:
No specific codes are provided as part of this rule. The steps involve configuration within the CISA Cyber Essentials software, which typically provides a graphical user interface (GUI) for enabling database logging and selecting appropriate settings.
Step-by-Step Guide for Remediation:
Follow these steps to enable database logging for CISA Cyber Essentials:
- 1.
Login to the CISA Cyber Essentials software with administrative credentials.
- 2.
Navigate to the settings or configuration section.
- 3.
Look for the option related to logging and click on it.
- 4.
Check if the database logging option is available and configurable.
- 5.
If available, enable the database logging feature.
- 6.
Set the appropriate logging level based on the required level of detail (e.g., low, medium, high) and compliance requirements.
- 7.
Configure the destination database where the logs will be stored. Specify the server details, database name, and authentication credentials if required.
- 8.
Save the changes and exit the settings or configuration section.
- 9.
Perform a test action within the CISA Cyber Essentials software to generate activity.
- 10.
Verify if the logging is capturing the expected events.
- 11.
Access the configured database to review the logs and ensure that the logged information aligns with the expected outcome.
- 12.
If necessary, adjust the log retention policy to retain logs for a sufficient period.
- 13.
Collaborate with the IT and security teams to ensure the proper configuration and monitoring of the database logging solution.
Note: The exact steps may vary depending on the interface and configuration options provided by the CISA Cyber Essentials software. Implementers should refer to the software documentation or consult with the vendor for specific instructions.