Many of the controls we must meet ourselves from the ITAP Security Assessment talk about logging of entities and producing audit trails of stuff.
ITAP does it for some things via the simplehistory module, but lots of the other things need to be captured in a format that can be exchanged easily between different security teams.
By setting up the logging systems in this template to ensure the outputs conform to SRTM requirements, we're well ahead of the game for all future projects.
Many of the controls we must meet ourselves from the ITAP Security Assessment talk about logging of entities and producing audit trails of stuff.
ITAP does it for some things via the simplehistory module, but lots of the other things need to be captured in a format that can be exchanged easily between different security teams.
By setting up the logging systems in this template to ensure the outputs conform to SRTM requirements, we're well ahead of the game for all future projects.