NIST SP 800-92
Guide to Computer Security Log Management
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Integration with NIST Family and Maturity
| Code | Title |
|---|---|
| NISTSP92-8 | Integration with NIST SP 800-53 AU Family, SP 800-137 ConMon, SP 800-61 IR, and Maturity |
Log Analysis and Detection
| Code | Title |
|---|---|
| NISTSP92-5 | Log Analysis: Correlation, Baselining, Anomaly Detection, Alerting, Manual Review |
Log Generation
| Code | Title |
|---|---|
| NISTSP92-2 | Log Generation: OS, Application, Security Tools, Network, Cloud, Required Event Content |
Log Infrastructure
| Code | Title |
|---|---|
| NISTSP92-3 | Log Infrastructure: Architecture, Centralisation, Transport Security, SIEM Governance |
Log Management Operations
| Code | Title |
|---|---|
| NISTSP92-4 | Log Management: Time Synchronisation, Parsing, Storage, Integrity, Access Control |
Log Management Programme
| Code | Title |
|---|---|
| NISTSP92-1 | Log Management Programme, Policy, Roles, and Operational Runbooks |
Log Retention and Disposition
| Code | Title |
|---|---|
| NISTSP92-6 | Log Retention: Policy, Tiered Storage, Backup, Secure Disposal, Legal Hold |
Privacy + Cloud/SaaS Logs
| Code | Title |
|---|---|
| NISTSP92-7 | Privacy in Logs, Sensitive Content Handling, Cloud and SaaS Log Considerations |
Your Compliance Coverage
If you comply with NIST SP 800-92, you already cover:
OWASP MASVS
88%
7 controls mapped
Compare →OWASP ASVS
88%
7 controls mapped
Compare →ISO 27043
88%
7 controls mapped
Compare →+ 147 more: ISO/SAE 21434 (88%), CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0 (75%)
See all 150 mapped frameworks ↓Maps to 150 other frameworks
Frequently Asked Questions
What is NIST SP 800-92?
NIST SP 800-92 is a compliance framework from United States with 8 domains and 8 controls. Guide to Computer Security Log Management It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NIST SP 800-92 have?
NIST SP 800-92 has 8 controls organised across 8 domains. The largest domains are Integration with NIST Family and Maturity (1 controls), Log Analysis and Detection (1 controls), Log Generation (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NIST SP 800-92 map to?
NIST SP 800-92 maps to 150 other compliance frameworks. The top mapping partners are OWASP MASVS (88% coverage), OWASP ASVS (88% coverage), ISO 27043 (88% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NIST SP 800-92 compliance?
Start your NIST SP 800-92 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-92 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required