BSI Minimum Standard for Logging and Detection of Cyber Attacks

In Germany we have a Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der IT). The functions of the BSI include the investigation of security risks associated with the use of IT and the development of preventive security measures. One of these preventive measures is the definition of a minimum standard for logging and detection of cyber attacks. This minimum standard regulates the logging and detection of security-relevant events (SRE) in order to establish a targeted and common procedure for detecting and defending against cyber attacks on the federal government’s communications technology. For everyone who works in the public sector, it is therefore the default.

The first appendix of the document contains the Federal Logging Policy (PR-B, Protokollierungsrichtlinie Bund). Part IV contains the logging requirements for the IT systems (page 40). These cover the operating system, system services and cross-sectional services/administrative procedures. Undoubtedly, RPA belongs to the last category. The guideline (version 2.04) currently contains requirements only for the operating system and system services. “The logging data to be collected in the other layers will be regulated in a future version.” This will also affect RPA workflows and RPA infrastructure.

“To ensure reliable IT operations, IT systems and applications should log either all or at least selected events relevant to operations and security, i.e. they should automatically store them and make them available for evaluation.” This is the requirement of the BSI Basic Protection Compendium (IT-Grundschutzkompendium) in OPS.1.1.5, which also serves as a basis for the PR-B. The Action Mapping of the UiPath Audit log provides a very good basis for meeting all these requirements. It will be exciting to see which specific requirements will be formulated in the future PR-B.