SM-01 Incident & Security Monitoring

Logging Standard & Retention

What is logged and for how long is defined/enforced.

Domain: Incident & Security Monitoring
Control type: Detective
Automated / manual: Automated
Frequency: Continuous
Framework reference: MAS TRM – Logging

What good looks like

A logging standard defines events, retention and protection, aligned to regulation.

Risk if it fails

Insufficient forensic/audit evidence.

How Tess tests it

3 tests — each concludes only on cited evidence.

Logging standard defines events/retention/protection

Design

Procedure: Inspect the standard.
Expected: Defined.
Sample: 1 (design inspection)
Evidence: Logging standard, retention configuration.

Retention meets regulatory requirement

Operating

Procedure: Inspect configuration.
Expected: Compliant.
Sample: 25 (or full config inspection)
Evidence: Logging standard, retention configuration.

Logs protected from tampering

Operating

Procedure: Inspect protection.
Expected: Protected.
Sample: 25 (or full config inspection)
Evidence: Logging standard, retention configuration.

Evidence Tess looks for

Logging standard, retention configuration.

More in Incident & Security Monitoring

SM-02 Access & Privileged Activity Logging SM-03 Time Synchronisation (NTP) SM-04 Security Alerting & Anomaly Monitoring SM-05 Endpoint Protection (EDR)

Want Tess to test SM-01 against your evidence?