EN 304 621: Require tamper-evident audit logs for administrative actions affecting managed assets
## Draft

- Standard: EN 304 621 (Network Management Systems)
- Draft version:
- Section: \<TBD: Logging / audit / administrative actions\>

## Problem / Observation

NMS is a privileged control plane. Administrative actions (create/modify/delete config, credentials, trust anchors, device enrollments) must be evidence-grade and tamper-evident.

## Proposed change (exact text)

Add:

"The product SHALL generate tamper-evident audit logs for administrative actions, including: authentication events, privilege/role changes, configuration changes, device enrollment/unenrollment, credential changes, trust-anchor changes (if applicable), and policy changes. Logs SHALL include event time, actor identity, action type, and affected scope/object identifiers (non-sensitive), and SHALL provide an integrity mechanism (e.g., hash-chain or equivalent)."

## Rationale

- Enables forensic reconstruction and CRA evidence.
- Detects log manipulation and unauthorized admin activity.

## Conformance impact

- PASS if required actions are logged and integrity verification detects tampering.
- FAIL if privileged actions are not auditable or logs are mutable.
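To make the proposed requirement concrete, the following is an added illustration (not text from the draft standard and not any vendor's implementation) of a minimal hash-chained audit log carrying the fields the proposed clause lists, together with the verification step a conformance check would exercise. The action-type names, the genesis sentinel, the `AuditLog`/`verify_chain` API and the sample records are all constructed for this example; SHA-256 is assumed as the hash function, which the clause leaves open ("hash-chain or equivalent").

```python
"""Hash-chained audit log for NMS administrative actions (added example)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import List, Optional

# Action categories the proposed clause requires to be audited (names are constructed).
REQUIRED_ACTION_TYPES = {
    "authentication", "privilege_change", "config_change",
    "device_enrollment", "device_unenrollment", "credential_change",
    "trust_anchor_change", "policy_change",
}

# Constructed sentinel used as prev_hash of the first record.
GENESIS_HASH = "0" * 64

# Mandatory content fields from the proposed clause (hashed in canonical order).
FIELD_NAMES = ("event_time", "actor", "action_type", "object_id", "outcome")


@dataclass(frozen=True)
class AuditRecord:
    event_time: str    # ISO 8601 UTC timestamp
    actor: str         # authenticated administrator identity
    action_type: str   # one of REQUIRED_ACTION_TYPES
    object_id: str     # non-sensitive identifier of the affected scope/object
    outcome: str       # "success" or "failure"
    prev_hash: str     # record_hash of the preceding record (chain link)
    record_hash: str   # SHA-256 over canonical content fields + prev_hash


def compute_hash(fields: dict, prev_hash: str) -> str:
    """Bind a record's content to its predecessor: H(canonical(fields) || prev_hash)."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical + prev_hash.encode()).hexdigest()


class AuditLog:
    """Append-only in-memory log; each record chains to the previous one."""

    def __init__(self) -> None:
        self.records: List[AuditRecord] = []

    def head_hash(self) -> str:
        """Hash of the latest record; anchor this externally (e.g. sign or ship it)."""
        return self.records[-1].record_hash if self.records else GENESIS_HASH

    def append(self, actor: str, action_type: str, object_id: str,
               outcome: str = "success", event_time: Optional[str] = None) -> AuditRecord:
        if action_type not in REQUIRED_ACTION_TYPES:
            raise ValueError(f"unknown administrative action type: {action_type!r}")
        fields = {
            "event_time": event_time or datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "actor": actor,
            "action_type": action_type,
            "object_id": object_id,
            "outcome": outcome,
        }
        prev = self.head_hash()
        rec = AuditRecord(**fields, prev_hash=prev, record_hash=compute_hash(fields, prev))
        self.records.append(rec)
        return rec


def verify_chain(records: List[AuditRecord]) -> Optional[int]:
    """Return None if the chain verifies end to end, otherwise the index of the
    first record whose content hash or link to its predecessor is wrong.
    Detects in-place edits, deletions and reordering anywhere before the head."""
    expected_prev = GENESIS_HASH
    for i, r in enumerate(records):
        if r.prev_hash != expected_prev:
            return i
        fields = {name: getattr(r, name) for name in FIELD_NAMES}
        if compute_hash(fields, r.prev_hash) != r.record_hash:
            return i
        expected_prev = r.record_hash
    return None


def altered_copy(r: AuditRecord, recompute_hash: bool = False, **changes) -> AuditRecord:
    """Copy of r with fields changed; used only to simulate a tampered record
    when testing the verifier (optionally with its own hash re-derived)."""
    d = asdict(r)
    d.update(changes)
    if recompute_hash:
        d["record_hash"] = compute_hash({k: d[k] for k in FIELD_NAMES}, d["prev_hash"])
    return AuditRecord(**d)


if __name__ == "__main__":
    log = AuditLog()
    log.append("admin1", "authentication", "session:42")
    log.append("admin1", "config_change", "device:edge-router-1")
    log.append("admin2", "privilege_change", "role:admin")
    print("intact chain, first bad index:", verify_chain(log.records))
    tampered = list(log.records)
    tampered[1] = altered_copy(tampered[1], actor="admin9")
    print("edited record, first bad index:", verify_chain(tampered))
```

The verifier is what a PASS/FAIL check under "Conformance impact" would run: an edited record fails at its own index, and an edited record whose hash was re-derived fails at the next index because the successor still links to the old hash. One caveat the clause's "or equivalent" leaves to the implementer: a bare hash chain proves internal consistency, so an actor who can rewrite every record from the change point to the head can rebuild it; that is why `head_hash()` is exposed, so the head can be periodically signed or forwarded to a separate log collector outside the NMS trust boundary.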