Sub-task
Resolution: Unresolved
Major
Guidance applicable to Red Hat (What do offerings need to do to fulfill this?)
For a product:
Product must have integrated logging facilities
Logging for security-critical functions must be enabled by default. Others should be configurable.
Logs must have all the relevant information described above, including timestamps in coordination with either system clock or network time.
Ability for admins to review audit logs
For a service:
Ensure logging is enabled in the service, at least for security-critical parts like account login.
Ensure that there is a mechanism in place to detect log entries that might indicate a breach.
Ensure logs have all the relevant information mentioned above.
Services must send security-relevant information to corporate Splunk (Infosec requirement).
NOTE: Services must send security-relevant information to the corporate Splunk.
It must be possible to configure products to send logs to a centralized logging facility.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/amq-clients/tasks/phase/specifications/141-T1385/