ISO/IEC 27001 Control 8.15: Logging

Control

Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint records all activity in its audit trail.

Implementation Details

MidPoint records all changes in data and configuration to a structured audit trail. The trail can be searched and analyzed; some analysis tools are provided in the midPoint administration user interface. The user interface provides the ability to see the state of data as it looked in the past (a.k.a. "time machine"), which is based on reconstruction of data from the audit trail records. There are also several pre-configured dashboards using the audit trail information in the midPoint user interface, with an option to add more customized dashboard components. The format of audit trail data is public and documented, so it can be used as an integration point with other systems. Security information and event management (SIEM) systems in particular are meant to be consumers of midPoint audit trail data.

Rationale

MidPoint records all changes regarding access control and policies in its audit trail, making it a prominent source of security-related information.
