Problem solve Get help with specific problems with your technologies, process and projects.

Are there efforts to develop a common logging and audit standard?

As many people believe a common logging and audit standard is imminent, what steps are being taken to create one? Identity and access management expert Joel Dubin gives his thoughts.

What's the latest on efforts to develop a common logging and audit standard? Since many believe a standard will eventually emerge, is there anything my organization should do today to prepare and perhaps make a transition easier down the road?
The main initiative in this area is Common Event Expression (CEE), which is meant to be a standard log language for reporting events across different systems. The rationale for a common logging language is common sense. With a common way to report events, malicious activity can not only be tracked across different systems and platforms, it can also be tracked universally in a common repository for security investigators.

Before CEE, log reporting was platform specific, making it difficult, if not impossible, to correlate similar events across systems. CEE, which was spearheaded by MITRE in 2007 through an industry working group, is a common taxonomy, syntax and language for reporting log events. MITRE is an organization that works with the U.S. government on technology issues, including IT security.

The benefits of consistent event and log reporting are enormous. It defines an event unambiguously according to an agreed upon standard, no matter the platform where it occurred, and tightens compliance by providing a standard definition for events for auditors and regulators. It can also cut costs of log management by reducing redundancy in logging from multiple systems.

The status of CEE is that MITRE has an active working group with a mailing list for those interested in participating. For more information about the working group, including how to subscribe to the mailing list, check the MITRE website.

Another good guide on security log management is Special Publication 800-92 from the National Institute of Standards and Technology (NIST).

More information:

This was last published in June 2008

Dig Deeper on IT security audits and audit frameworks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.