You periodically check that you're logging the right events.
What it actually means
What's worth logging changes as your environment does. Periodically review the set of events you capture and adjust it — so you're not missing new systems or drowning in noise.
Pass or fail — an assessor needs a "yes" to each
- The logged-event set is reviewed on a defined cadence.
- Updates are made as systems/threats change.
What to have ready
- Review records / change history for logging config
- Policy defining the review cadence
Where teams trip up
- Logging configured once and never revisited
- New systems added without logging
See where this control puts your score
Run all 110 requirements free in about 10 minutes.
Calculate your SPRS score →