T-NJCESS 002-2024 内生安全系统安全日志技术要求

ICS35.030 CCSL70 T/NJCESS 团体标准 T/NJCESS002-2024 内生安全系统安全日志技术要求 Technicalrequirementsforsecuritylogsinendogenoussecurity systems 2024-12-26发布 2025-06-30实施南京市网络空间内生安全协会发布全国团体标准信息平台 I目次前言 ............................................................................................................................II 1范围.................................................................................................................................................1 2规范性引用文件............................................................................................................................1 3术语和定义....................................................................................................................................1 4缩略语.............................................................................................................................................3 5概述.................................................................................................................................................3 6内生安全系统安全日志记录要求................................................................................................3 6.1内生安全系统安全日志记录的组件.................................................................................4 6.2内生安全系统安全领域内具体可观测事件最小集.........................................................6 6.3内生安全系统安全日志事件记录编码.............................................................................6 6.4内生安全系统安全日志文件形式信息载体的约束规范.................................................7 7内生安全系统安全日志采集要求................................................................................................8 7.1明确采集目标.....................................................................................................................8 7.2选择采集工具.....................................................................................................................9 7.3配置采集策略.....................................................................................................................9 7.4日志采集安全.....................................................................................................................9 8内生安全系统安全日志存储要求................................................................................................9 8.1日志存储保证可用性和可扩展性.....................................................................................9 8.2日志存储的时长...............................................................................................................10 8.3日志存储路径...................................................................................................................10 8.4日志存储安全...................................................................................................................10 9内生安全系统安全日志共享要求..............................................................................................10 9.1日志共享标准化...............................................................................................................10 9.2日志共享安全...................................................................................................................10 附录A...............................................................................................................................................11 A.1.事件记录的级别说明........................................................................................................11 A.2.location编码表说明..........................................................................................................11 A.3.日志类型说明....................................................................................................................11 附录B...............................................................................................................................................12 B.1.事件自身属性字段字典说明............................................................................................12 B.2.输入代理事件分类标签通用词汇表最小集说明............................................................12 B.3.输入代理字段字典说明....................