The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents. To be complaint with 201 CMR 17.00, all affected organizations must create, implement, and maintain an auditable comprehensive written information security program, holding administration, and technical/physical safeguards.
Since IT environments can generate millions of logs daily, DoDI 8500.2 has recommendations of analyzing and reporting on log data can reduce manual or homegrown remedies that are inadequate and cost prohibitive.
The collection, management, and analysis of log data is necessary to meet many DoDI 8500.2 guidelines. LogIT meets these recommendations directly and inexpensively. LogIT delivers log collection, archiving, and recovery across clients’ entire IT infrastructure.
NIST-CSF sets information security standards and guidelines for serious infrastructure as defined within the Executive Order 13636 from the President of the United States of America. NIST-CSF guides critical infrastructure agencies in documenting and applying controls of information technology systems that support their operations and assets. These published guidelines cover many areas involving access control, audit and accountability, incident response, and system and information integrity. All of these areas can be met with the help of log management. Each agency is responsible for implementing the minimum security necessities as outlined by NIST.
NIST 800-53 produces information security standards and guidelines for federal information systems. It guides federal agencies in documenting and implementing controls that cover access control, audit and accountability, incident response, and system and information integrity.
In the Code of Federal Regulations, Section 73.54, Title 10 it is required that the NRC licensees provide high assurance that digital computer and communication systems and networks are sufficiently protected against cyber-attacks. The NRC developed and published “Regulatory Guide 5.71” to cover many areas surrounding access control, audit and accountability, incident response, and system and information integrity.
The NEI developed and published the NEW 08-09 Rev 6 to address many areas surrounding access control, audit and accountability, incident response, and system and information integrity. This is an extension of CFR 73.54.