TA Review – Logging & Log Management Utah Department of Technology Services January 2008
Introduction The State is required to store and analyze logs to comply with federal legislation and regulations, including the Federal Information Security Management Act of 2002 (FISMA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), IRS Security (Publication 1075), and the Payment Card Industry Data Security Standard (PCI DSS), to name a few. The purpose of this review is to assess the current state of centralized logging services in the context of specific logging requirements by the Utah Tax Commission. The report assesses current capabilities, market trends, and makes recommendations for growing a responsive and capable enterprise logging service with the DTS Security office. Cost analysis is limited, since solution alternatives for upgrading the existing requirement have not been firmly established.