← Back to catalog
RA-5(8)

Review Historic Audit Logs

Risk Assessment (RA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Review historic audit logs to determine if a vulnerability identified in a [assignment] has been previously exploited within an [assignment].

Discussion

Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.