WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -1359,7 +1359,7 @@ The product shall record security-relevant internal events, including but not li
#### 5.2.X.x **MI-LOGG**: Logging
The product shall record log messages indicating security-relevant internal events in an internal or external log. The log messages shall not include any confidential information such as PII, secrets, or credentials, or any information which might reasonably be expected to include such items.
The product shall record log messages indicating security-relevant internal events in an internal log or transmit them to the host system logging system. The log messages shall not include any confidential information such as PII, secrets, or credentials, or any information which might reasonably be expected to include such items.
* Reference: TR-LOGG
* Objective: Monitoring and recording security-relevant events
@@ -1371,16 +1371,13 @@ The product shall record log messages indicating security-relevant internal even
Guidance: One type of event whose log message must take care to not accidentally include a secret is failed password authentication attempts. Since people often type their password into the username field, including the username field in the log message may result in including a secret in the log message.
