EN 304 621: Require tamper-evident audit logs for administrative actions affecting managed assets
## Draft
- Standard: EN 304 621 (Network Management Systems)
- Draft version:
- Section: \<TBD: Logging / audit / administrative actions\>
## Problem / Observation
NMS is a privileged control plane. Administrative actions (create/modify/delete config, credentials, trust anchors, device enrollments) must be evidence-grade and tamper-evident.
## Proposed change (exact text)
Add:
"The product SHALL generate tamper-evident audit logs for administrative actions, including: authentication events, privilege/role changes, configuration changes, device enrollment/unenrollment, credential changes, trust-anchor changes (if applicable), and policy changes. Logs SHALL include event time, actor identity, action type, and affected scope/object identifiers (non-sensitive), and SHALL provide an integrity mechanism (e.g., hash-chain or equivalent)."
## Rationale
- Enables forensic reconstruction and CRA evidence.
- Detects log manipulation and unauthorized admin activity.
## Conformance impact
- PASS if required actions are logged and integrity verification detects tampering.
- FAIL if privileged actions are not auditable or logs are mutable.
issue