Auditability in NoCode-X.com: Comprehensive Logging and Compliance
Auditability is a critical feature of the NoCode-X.com platform, ensuring that all actions related to data access, updates, deletions, and creations are logged consistently across the ecosystem. This robust logging mechanism supports compliance with industry standards, provides transparency, and enables organizations to respond effectively to cybersecurity incidents.
Concepts
1. Default Logging
- By default, all updates, deletions, and creations are logged across the platform.
- When a sensitive data label is assigned to information, read access is also logged.
This ensures that access to sensitive data is traceable, addressing a common gap in many cybersecurity incidents.
2. Sensitive Data Logging
- In many data breaches, organizations often state:
"There is no evidence proving that the information was accessed by unauthorized people."
This lack of evidence is not proof that a breach did not occur but rather highlights inadequate logging practices.
NoCode-X.com addresses this by ensuring read access logging for sensitive data, providing clear evidence of who accessed the information.
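The two rules above (every create, update and delete is logged; reads are logged only for records carrying a sensitive label) are easy to state and easy to get subtly wrong. The following is an added example, not NoCode-X.com's own code: a minimal in-memory data store whose audit policy mirrors those rules, plus the forensic query that answers the "who accessed this record?" question. The label name `"sensitive"`, the event field names and the decision to also log a failed lookup (so an attempt against a sensitive record leaves a trace even when it fails) are assumptions for illustration.

```python
"""Added example (not NoCode-X.com code): audit policy with sensitive-label read logging."""
from datetime import datetime, timezone


class AuditLog:
    """Append-only list of audit events, standing in for the platform's log database."""

    def __init__(self, clock=None):
        self.events = []
        # Injectable clock keeps tests deterministic; production must use a
        # synchronised clock so events from different systems can be correlated.
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def emit(self, actor, action, record_id, outcome="success"):
        # Field names are assumed for this example, not the platform's schema.
        self.events.append({
            "ts": self._clock().isoformat(),
            "actor": actor,
            "action": action,
            "record": record_id,
            "outcome": outcome,
        })

    def readers_of(self, record_id):
        """Forensic query: which actors read this record (successfully)?"""
        return sorted({e["actor"] for e in self.events
                       if e["record"] == record_id
                       and e["action"] == "read"
                       and e["outcome"] == "success"})


class DataStore:
    SENSITIVE_LABEL = "sensitive"  # assumed label name

    def __init__(self, audit):
        self._rows = {}  # record_id -> {"labels": set, "data": dict}
        self.audit = audit

    def _is_sensitive(self, record_id):
        return self.SENSITIVE_LABEL in self._rows[record_id]["labels"]

    def create(self, actor, record_id, data, labels=()):
        self._rows[record_id] = {"labels": set(labels), "data": dict(data)}
        self.audit.emit(actor, "create", record_id)  # always logged

    def read(self, actor, record_id):
        row = self._rows.get(record_id)
        if row is None:
            # Assumption beyond the page's rule: a failed lookup is logged with its
            # outcome, otherwise probing for sensitive records leaves no trace.
            self.audit.emit(actor, "read", record_id, outcome="not_found")
            return None
        if self._is_sensitive(record_id):
            self.audit.emit(actor, "read", record_id)  # logged only for sensitive data
        return dict(row["data"])

    def update(self, actor, record_id, data):
        self._rows[record_id]["data"].update(data)
        self.audit.emit(actor, "update", record_id)  # always logged

    def delete(self, actor, record_id):
        del self._rows[record_id]
        self.audit.emit(actor, "delete", record_id)  # always logged


def demo():
    """Constructed scenario: one sensitive record, one ordinary record."""
    audit = AuditLog()
    store = DataStore(audit)
    store.create("alice", "customer-1", {"name": "A. Example"}, labels={"sensitive"})
    store.create("alice", "page-1", {"title": "Home"})
    store.read("bob", "customer-1")   # sensitive: read is logged
    store.read("bob", "page-1")       # not sensitive: read is not logged
    store.update("carol", "page-1", {"title": "Start"})
    store.delete("alice", "customer-1")
    return audit


if __name__ == "__main__":
    for event in demo().events:
        print(event)
```

After `demo()` runs, `readers_of("customer-1")` returns `["bob"]`, which is exactly the evidence an organization needs when asked whether a record was accessed; for `page-1` the answer is empty, not because nobody read it but because reads of unlabeled data are not recorded. That is the reason to label sensitive data correctly in the first place.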
3. Retention Period
- Logs are retained for up to 1 year. This is generally sufficient: research puts the average time to discover a breach between 200 and 280 days.
Because that figure is an average, some incidents take longer to surface; organizations with regulatory or investigative requirements beyond 1 year should plan for longer retention outside the platform before logs expire. Within that window, the retention period ensures that logs are available for forensic analysis and compliance purposes.
4. Consistency Across the Ecosystem
- Logging is consistent throughout the entire NoCode-X.com ecosystem, including:
- Data access through APIs.
- Templates (web forms).
- This ensures that all actions are traceable, regardless of how the data is accessed or modified.
Developer-Friendly Logging Component
NoCode-X.com provides a logging component that allows developers to easily and consistently log information into the platform's logging database. This component is designed to be:
- Easy to use: Developers can quickly integrate logging into their applications.
- Flexible: Attributes allow developers to customize logs while maintaining structure.
Features of the Logging Component
- Scope: Developers can define the scope of the application or use free text.
- Logline Placeholders: Every occurrence of {{PLACEHOLDER}} in the log text is replaced by the corresponding value.
- Severity Levels: Developers can select from predefined levels of severity:
- Error
- Debug
- Warn
- Info
- Trace
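To make the placeholder rule concrete, here is an added example, not the NoCode-X.com component itself: a small renderer that replaces every `{{PLACEHOLDER}}` in a log text with the matching value, validates the severity against the five levels listed above, and keeps a scope alongside the message. The regular expression, the `Logline` structure and the sanitisation rule are assumptions; the page does not describe how the component treats values that contain line breaks, so the example makes the conservative choice of escaping them.

```python
"""Added example (not NoCode-X.com code): {{PLACEHOLDER}} rendering for log lines."""
import re
from dataclasses import dataclass

SEVERITIES = ("Error", "Debug", "Warn", "Info", "Trace")  # the five levels on the page
_PLACEHOLDER = re.compile(r"\{\{([A-Za-z0-9_]+)\}\}")      # assumed placeholder syntax


def sanitize(value):
    """Escape control characters so one event cannot be forged into two log lines.

    A value such as "bob\\nInfo admin logged in" would otherwise inject a second,
    fake entry into the log (log forging). Printable characters pass through.
    """
    return "".join(ch if ch.isprintable() else f"\\x{ord(ch):02x}" for ch in value)


def render(template, values, strict=True):
    """Replace every {{NAME}} in template with sanitize(str(values[NAME])).

    With strict=True a missing value raises KeyError; with strict=False the
    placeholder is left in place so the gap is visible in the log.
    """
    def substitute(match):
        key = match.group(1)
        if key not in values:
            if strict:
                raise KeyError(f"no value supplied for {{{{{key}}}}}")
            return match.group(0)
        return sanitize(str(values[key]))

    # re.sub makes a single pass over the template and inserts the callback's
    # return value literally, so a value that itself contains "{{X}}" is never
    # expanded a second time.
    return _PLACEHOLDER.sub(substitute, template)


@dataclass(frozen=True)
class Logline:
    scope: str      # application scope or free text, as on the page
    severity: str   # one of SEVERITIES
    message: str    # rendered text


def build_logline(scope, severity, template, values):
    """Validate severity, render the template and return an immutable Logline."""
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity {severity!r}; expected one of {SEVERITIES}")
    return Logline(scope=scope, severity=severity, message=render(template, values))


if __name__ == "__main__":
    # Constructed sample values, including a hostile one with an embedded newline.
    line = build_logline("orders", "Info",
                         "User {{USER}} exported {{COUNT}} rows as {{USER}}",
                         {"USER": "bob\nError payment service down", "COUNT": 42})
    print(line)
```

Two details matter in practice. First, because substitution is a single pass, a user-controlled value cannot smuggle in a further placeholder and pull other values into the line. Second, escaping newlines in values is what keeps a log line that a reviewer or SIEM rule later parses from being split into a forged second event.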
Images of the Component (screenshots not reproduced here)
- Component Interface
- Component Parameters
This component ensures that developers have the freedom to log information in a structured manner while maintaining consistency across the platform.
Compliance with Industry Standards
The auditability features of NoCode-X.com align with key cybersecurity and compliance standards, including ISO 27001:2022, the NIST Cybersecurity Framework (CSF) 1.1, and Cyber Fundamentals Essentials. The NIST subcategory identifiers used below (PR.PT-1, DE.AE-3, DE.CM-1, PR.AC-4) are those of CSF version 1.1; CSF 2.0 renumbered them.
ISO 27001:2022
- Clause 9.1 (Monitoring, Measurement, Analysis, and Evaluation): Ensures that logging and monitoring processes are implemented and maintained.
- Annex A.8.15 (Logging): Requires logs to record activities, exceptions, faults, and other relevant events.
- Annex A.8.16 (Monitoring Activities): Supports the monitoring of networks, systems, and applications for anomalous behavior.
- Annex A.8.17 (Clock Synchronization): Ensures that logs are timestamped with synchronized clocks for accuracy.
NIST CSF 1.1
- DE.AE-3 (Event Data Collection and Correlation): Logs are collected and correlated from multiple sources to detect anomalies and events.
- PR.PT-1 (Audit/Log Records): Logs are maintained, documented, and reviewed in accordance with policy.
- DE.CM-1 (Network Monitoring): Consistent application-level logging complements network monitoring in detecting potential cybersecurity events.
Cyber Fundamentals Essentials
- PR.PT-1 (Audit/Log Records): Ensures that logs are maintained and reviewed to detect unusual trends or activities.
- DE.AE-3 (Event Data Collection): Logs are correlated across systems to identify inappropriate or unusual activity.
- PR.AC-4 (Access Permissions and Authorizations): Logs access permissions and authorizations to ensure compliance with the principle of least privilege.
Benefits of NoCode-X.com’s Auditability Features
- Enhanced Security: Comprehensive logging ensures that all actions are traceable, reducing the risk of undetected breaches.
- Compliance: Aligns with industry standards, making it easier for organizations to meet regulatory requirements.
- Transparency: Provides clear evidence of who accessed or modified data, supporting forensic investigations.
- Developer Empowerment: The logging component allows developers to implement logging quickly and consistently, ensuring adherence to best practices.
- Business Insights: Enables business users to gain clear insights into data access and usage, helping them achieve their objectives.
Summary
Auditability in NoCode-X.com is designed to provide a robust and consistent logging framework that supports compliance, enhances security, and empowers developers and business users. By default, all updates, deletions, and creations are logged, and read access is logged for sensitive data. The platform’s logging component ensures that developers can easily integrate logging into their applications, maintaining consistency across the ecosystem.
With alignment to ISO 27001:2022, NIST CSF 1.1, and Cyber Fundamentals Essentials, NoCode-X.com provides organizations with the tools they need to meet industry standards and respond effectively to cybersecurity incidents.