Logging & Audit
Collect, correlate, and retain audit logs.
9 of 9 frameworks cover this control
Framework Mappings
How Logging & Audit maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.AE-02 DE.AE-03 |
| ISO 27001 | Covered | A.8.15 A.8.17 |
| CIS v8 | Covered | CIS 8.1 CIS 8.2 CIS 8.9 |
| SOC 2 | Covered | CC7.2 CC7.3 |
| PCI DSS | Covered | 10.2.1 10.2.2 10.3.1 10.5.1 |
| CMMC | Covered | AU.L2-3.3.1 AU.L2-3.3.2 |
| 800-53 | Covered | AU-2 AU-3 AU-6 AU-12 |
| HIPAA | Covered | §164.312(b) §164.308(a)(1)(ii)(D) |
| GDPR | Covered | Art.5(2) Art.30(1) |
About Logging & Audit
Logging & Audit is a cybersecurity control in the Detect domain. Collect, correlate, and retain audit logs. Logging and audit controls ensure that security-relevant events are captured, stored securely, and available for investigation and compliance purposes. Organizations should log authentication events, privilege escalations, system changes, data access, and network connections, retaining logs for periods defined by regulatory requirements, typically 90 days to one year or more. Log integrity must be protected through centralized collection, tamper-evident storage, and time synchronization across all systems to ensure accurate event correlation during forensic investigations.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all ${FW_KEYS.length} frameworks.