While many criticize FISMA for being all documentation and no action, the law simply emphasizes the need for each federal agency to develop, document and implement an organizationwide program to secure the information systems that support its operations and assets. NIST SP 800-53, Recommended Security Controls for Federal Information Systems, describes log management controls including the generation, review, protection and retention of audit records, plus steps to take in the event of audit failure. It describes the need for log management in federal agencies and ways to establish and maintain successful and efficient log management infrastructures — including log generation, analysis, storage and monitoring.
NIST 800-92 discusses the importance of analyzing different kinds of logs from different sources and of clearly defining specific roles and responsibilities of those teams and individuals involved in log management.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security standards for health information.
NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule, details log management requirements for securing electronic protected health information.
The Payment Card Industry Data Security Standard (PCI-DSS), which applies to organizations that handle credit card transactions, mandates logging specific details and log review procedures to prevent credit card fraud, hacking and other related problems in companies that store, process or transmit credit card data.
Logs, which by nature allow for tracking IT infrastructure activity, are the best way to assess whether, how, when and where a data breach has occurred. The major effect the age of compliance has had on log management is to turn it into a requirement rather than just a recommendation, and this change is certainly to the advantage of any organization subject to these regulations. It is easy to see why log collection and management are important, and the explicit inclusion of log management activities in major regulations like FISMA, HIPAA and PCI-DSS highlights how central they are to enterprise security as well as to broader risk management needs.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027080