← Back to catalog
RA-5(8)
Review Historic Audit Logs
Risk Assessment (RA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Review historic audit logs to determine if a vulnerability identified in a [assignment] has been previously exploited within an [assignment].
Discussion
Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.