A10:2017 - Insufficient Logging and Monitoring


Actions by GeneXus

Actions by Developers

  • If GAM is used, log successful and unsuccessful logins, as well as operations that add, change, or modify user information.
  • If GAM isn't used, develop a customized access control module and add the corresponding logging actions.
  • Establish a monitoring process with effective alerts, and adopt a response plan such as NIST 800-61 rev2 or later.