SID-OPS-06 — Monitoring and Alerting
| Property | Value |
|---|---|
| Owner | operator |
| Category | technical |
| CSF Function | detect |
| Group | Operational Controls |
Description
Centralized logging and SIEM operations for wallet deployments.
Scope note: this control owns closure criteria for deployment-level logging/monitoring findings (including AV-P-4). Platform controls SID-AUDIT-01 and SID-AUDIT-02 provide structured event emission and taxonomy prerequisites; centralized aggregation, retention, SIEM, dashboarding, and alert operations are operator responsibilities.
Implementation requirements:

1. Collection and aggregation: operator MUST collect logs from wallet backend services, trust service components, reverse proxy, database audit streams, and infrastructure security controls into a centralized SIEM or log platform.
2. Integrity and transport: log forwarding MUST use encrypted transport (TLS 1.2+) and authenticated shippers/agents. SIEM storage MUST be write-protected to prevent tampering.
3. Retention: security-relevant logs MUST be retained for at least 1 year, with searchable hot storage for at least 90 days. Retention schedule MUST align with legal/regulatory obligations.
4. Time synchronization: all systems emitting logs MUST use NTP with monitored drift to preserve event chronology.
5. Alerting: documented alert rules MUST exist for failed authentication spikes, privileged access changes, trust list validation failures, unusual error rates, and incident keywords.
6. On-call and response: operator MUST define on-call escalation procedure and response SLA for SIEM alerts.
The platform provides structured log output and event taxonomy controls (SID-AUDIT-01, SID-AUDIT-02); this control covers the operator deployment and operationalization of SIEM.
Review criteria: SIEM architecture diagram, ingestion evidence from all required sources, retention policy document, alert rule set, and recent alert-handling record.
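An added example, not part of the control catalogue or the platform's own code: a Python check that turns implementation requirements (1), (2), (3) and (5) into findings over a deployment inventory, the kind of evidence the review criteria ask for. The inventory schema, the category and alert identifiers, the 24-hour freshness bound and the sample data are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Categories and alert topics come from the control text; the identifier spellings are assumed.
REQUIRED_SOURCES = {"wallet_backend", "trust_service", "reverse_proxy",
                    "database_audit", "infra_security"}
REQUIRED_ALERTS = {"failed_auth_spike", "privileged_access_change", "incident_keyword",
                   "trust_list_validation_failure", "unusual_error_rate"}
MIN_TLS, MIN_DAYS = (1, 2), {"retention_days": 365, "hot_days": 90}  # 1 year taken as 365 days

def tls_tuple(version):
    """'TLSv1.3' -> (1, 3); anything unparsable sorts below the minimum."""
    try:
        return tuple(int(p) for p in version.upper().removeprefix("TLSV").split("."))
    except (AttributeError, ValueError):
        return (0, 0)

def review(inv, now, max_silence=timedelta(hours=24)):
    """Return a list of findings; max_silence is an assumed freshness bound."""
    findings, live = [], set()
    for s in inv["shippers"]:
        if tls_tuple(s.get("tls")) < MIN_TLS:
            findings.append(f"{s['name']}: transport below TLS 1.2")
        if not s.get("authenticated"):
            findings.append(f"{s['name']}: shipper not authenticated")
        if now - s["last_event"] > max_silence:
            findings.append(f"{s['name']}: no recent ingestion")
        else:
            live.add(s["category"])  # only a source that is delivering counts as evidence
    findings += [f"source not ingesting: {c}" for c in sorted(REQUIRED_SOURCES - live)]
    for key, minimum in MIN_DAYS.items():
        if inv[key] < minimum:
            findings.append(f"{key}={inv[key]} is below the required {minimum}")
    if not inv.get("storage_write_protected"):
        findings.append("SIEM storage not write-protected")
    enabled = {topic for topic, on in inv["alert_rules"].items() if on}
    findings += [f"no enabled alert rule for: {a}" for a in sorted(REQUIRED_ALERTS - enabled)]
    return findings

# Constructed inventory for illustration; not taken from any real deployment.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
def shipper(name, category, tls, auth, age):
    return dict(name=name, category=category, tls=tls, authenticated=auth, last_event=NOW - age)
SAMPLE = {
    "shippers": [shipper("wallet-api-1", "wallet_backend", "TLSv1.3", True, timedelta(minutes=2)),
                 shipper("edge-proxy", "reverse_proxy", "TLSv1.1", True, timedelta(minutes=1)),
                 shipper("pg-audit", "database_audit", "TLSv1.3", False, timedelta(days=3))],
    "retention_days": 400, "hot_days": 30, "storage_write_protected": True,
    "alert_rules": {"failed_auth_spike": True, "privileged_access_change": False},
}
```

A disabled rule and a shipper that has gone silent are both reported as gaps, since neither one is evidence that the requirement is operating.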
Components
Source References
Framework Requirements
EUDI Security Requirements: GEN-7.9.1-01