Applications log access (attempts) to sensitive data.
Applications log mutations of system configurations and sensitive data. Original values are recommended but not necessitated to be stored.
Specification
Mutation and data access logs adhere to all logging rules as defined in IS.5.002.
ISO 27001 & 27002:2022
A8.15,
A8.16
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.04 Logging