Logging is occurring for assets within the function that may be leveraged to achieve a threat objective, wherever feasible
Context and Guidance: This practice builds on the logging activities identified in SITUATION-1a to include assets that may be used in the pursuit of threat actor objectives. A threat actor may leverage multiple tactics, such as those defined in the MITRE ATT&CK Framework, to achieve their ultimate threat objective (for example, extortion, data manipulation, IP theft, customer data theft, sabotage). Logging may not be feasible for all types of assets within the function. Where logging is not feasible, organisations may consider implementing mitigating controls, such as limiting physical or logical access.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-1a, SITUATION-1b, SITUATION-1c, SITUATION-1d, SITUATION-1f.