I agree with you too - the FASP project if Dr. Tim Polk's wife's (I forget her name)... and Tim is of course one of the chairs of the IETF's PKIX WG. -- Regards, Todd This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. -------------- Original message ---------------------- From: "Safier, Adam *" <Safier@private> > I look at FASP as nice samples and education but not standards. Many > "standards", requirements and guidelines call for logging and even storage > duration but I'm not sure I would call that log management. The FASP for > audit feels like just a beginning of a policy. Management would include > policy and actual practices, including design documents specifying what is > logged. Not the least would be a operating procedure for reducing the logs > and the process of reviewing them. Of course, that is just my opinion. > > Adam > > > > -----Original Message----- > From: todd.glassey@private [mailto:todd.glassey@private] > Sent: Monday, August 29, 2005 5:37 PM > To: Safier, Adam *; loganalysis@private > Subject: Re: [logs] Re: "What Works in Log Management" webcast > > > > Adam - look up FASP at the CSRC NIST security server. > > Todd Glassey > -- > Regards, > Todd > > This message (including any > attachments) contains confidential > information intended for a > specific individual and purpose, > and is protected by law. If you > are not the intended recipient, > you should delete this message. > Any disclosure, copying, or > distribution of this message, or > the taking of any action based on > it, is strictly prohibited. > > > -------------- Original message ---------------------- > From: "Safier, Adam *" <Safier@private> > > I'm not aware of a specific one at the federal standards level. But I > think > > I heard that DHS might be starting a best practices group. > > > > Adam > > > > -----Original Message----- > > From: todd.glassey@private [mailto:todd.glassey@private] > > Sent: Monday, August 29, 2005 1:49 PM > > To: Safier, Adam *; loganalysis@private > > Subject: Re: [logs] "What Works in Log Management" webcast > > > > > > Adam - is there a FISP (Federal Information Security practice) for log > > management within the US Government? > > > > T. > > > > -- > > Regards, > > Todd _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed Aug 31 2005 - 21:35:35 PDT