United States: Federal Information Security Modernization Act of 2014 (FISMA)
The provisions related to security log monitoring in the Federal Information Security Modernization Act of 2014 (FISMA) can be found in several sections of the law, including:
* Title III, Subtitle A, Part I, Section 301, "Federal Information Security Authority and Coordination," which requires the head of each federal agency to ensure that information security is managed in accordance with the standards and guidelines provided by the National Institute of Standards and Technology (NIST).
* Title III, Subtitle B, Part I, Section 355, " Information Security Continuous Monitoring," which requires federal agencies to implement continuous monitoring programs to ensure the security of their information systems and the information they contain. This includes requirements for the use of automated tools and techniques to collect, process, and report security-related information, as well as the use of security log monitoring to detect, report, and respond to security incidents.
*Title III, Subtitle B, Part I, Section 356, " Information Security Risk Assessment," which requires federal agencies to conduct regular risk assessments to identify and prioritize risks to their information systems and the information they contain, and to develop and implement mitigation strategies to address those risks.
It is important to note that the provisions related to security log monitoring in FISMA are not exhaustive and may be interpreted and enforced differently by different agencies and organizations. For a complete understanding of the provisions related to security log monitoring in FISMA, it is recommended to consult the full text of the law and seek the advice of legal counsel or other experts knowledgeable about federal information security regulations.
留言