Log Network API Calls for Data Protection
Ensure API calls over the internet that change or access sensitive data are logged centrally.
Plain language
It's crucial to keep track of when your computer systems make requests for or change important information online. If you don't, you might miss signs of an attack or misuse that could lead to data exposure or financial loss.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for software development
Official control statement
Network API calls that facilitate modification of data, or access to data not authorised for release into the public domain, and are accessible over the internet, are centrally logged.
Why it matters
Without centrally logging internet-exposed API calls that modify or access sensitive data, breaches may go undetected, enabling theft and reputational harm.
Operational notes
Centrally capture logs for internet-exposed APIs (create/update/delete calls and reads of data not cleared for public release), keep clocks synchronised so events from different systems can be correlated, and routinely alert on anomalous access patterns such as one identity enumerating many records in a short window.
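The following is an added example (not code from the ISM or any vendor tool) of what the note above looks like in practice: an audit hook that decides whether an API call is in scope for this control (a mutating method, or a read under a path that serves non-public data), emits a structured JSON line to a central sink, and a detection rule that runs over those lines to flag a principal reading an unusually large number of distinct sensitive records inside a short window. The route prefixes, field names, thresholds and sample traffic are all assumptions constructed for illustration.

```python
"""ISM-1910 style audit logging for internet-exposed APIs, plus one detection.
Example code added to this page; route table, field names and thresholds are
illustrative assumptions, not ISM requirements."""
import json
from collections import defaultdict
from dataclasses import dataclass, asdict
from datetime import datetime, timezone, timedelta

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed classification: path prefixes serving data not authorised for public
# release. Reads anywhere else are treated as public and are out of scope.
SENSITIVE_PREFIXES = ("/api/customers", "/api/payments")


@dataclass
class AuditEvent:
    ts: str           # UTC RFC 3339; must come from an NTP-synced clock
    principal: str    # authenticated identity (user, API key id, service)
    src_ip: str
    method: str
    path: str
    status: int
    request_id: str
    action: str       # "modify" or "sensitive_read"


def classify(method, path):
    """Return the control-scope category of a call, or None if out of scope."""
    if method.upper() in MUTATING_METHODS:
        return "modify"
    if path.startswith(SENSITIVE_PREFIXES):
        return "sensitive_read"
    return None  # public read-only call: not required by this control


def audit(sink, *, principal, src_ip, method, path, status, request_id, now=None):
    """Append one JSON line to the central sink if the call is in scope.
    `sink` stands in for the shipper to the central log platform."""
    action = classify(method, path)
    if action is None:
        return None
    now = now or datetime.now(timezone.utc)
    ev = AuditEvent(ts=now.isoformat(timespec="milliseconds"), principal=principal,
                    src_ip=src_ip, method=method.upper(), path=path, status=status,
                    request_id=request_id, action=action)
    sink.append(json.dumps(asdict(ev), sort_keys=True))
    return ev


def flag_bulk_reads(lines, max_distinct=10, window=timedelta(minutes=5)):
    """Flag principals that read more than `max_distinct` distinct sensitive
    resources within any `window`: a simple scraping/enumeration signal."""
    by_principal = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        if ev["action"] == "sensitive_read":
            by_principal[ev["principal"]].append(
                (datetime.fromisoformat(ev["ts"]), ev["path"]))
    flagged = set()
    for principal, reads in by_principal.items():
        reads.sort()
        counts, lo = defaultdict(int), 0
        for hi, (t_hi, p_hi) in enumerate(reads):   # sliding window over time
            counts[p_hi] += 1
            while t_hi - reads[lo][0] > window:
                counts[reads[lo][1]] -= 1
                if counts[reads[lo][1]] == 0:
                    del counts[reads[lo][1]]
                lo += 1
            if len(counts) > max_distinct:
                flagged.add(principal)
                break
    return flagged


def build_sample_log():
    """Constructed sample traffic (not real data): a normal user, an admin
    delete, one public call that is not logged, and a scraping service."""
    sink, t0 = [], datetime(2025, 6, 1, 9, 0, tzinfo=timezone.utc)
    audit(sink, principal="alice", src_ip="203.0.113.5", method="GET",
          path="/api/customers/41", status=200, request_id="r1", now=t0)
    audit(sink, principal="alice", src_ip="203.0.113.5", method="GET",
          path="/api/customers/42", status=200, request_id="r2",
          now=t0 + timedelta(minutes=1))
    audit(sink, principal="alice", src_ip="203.0.113.5", method="GET",
          path="/api/status", status=200, request_id="r3", now=t0)  # public
    audit(sink, principal="admin", src_ip="198.51.100.7", method="DELETE",
          path="/api/customers/42", status=204, request_id="r4",
          now=t0 + timedelta(minutes=2))
    for i in range(12):  # 12 distinct records in under 3 minutes
        audit(sink, principal="svc-export", src_ip="192.0.2.9", method="GET",
              path=f"/api/customers/{100 + i}", status=200,
              request_id=f"s{i}", now=t0 + timedelta(seconds=15 * i))
    return sink


if __name__ == "__main__":
    log = build_sample_log()
    print("\n".join(log))
    print("flagged:", flag_bulk_reads(log))
```

The in-scope decision is deliberately made from method and path alone so it can sit in front of the handler; a failed request (4xx/5xx) is still logged, since denied attempts are often the earliest sign of probing. The timestamp is taken from the host clock, which is why the operational note about time synchronisation matters: the sliding window in `flag_bulk_reads` is meaningless if the API nodes disagree by minutes.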
Implementation tips
- IT team should set up central logging: Ensure that every internet-reachable API call that changes data, or reads data not cleared for public release, is recorded in a single place. Use available tools to automatically gather these logs from the systems involved.
- System admins should define what counts as sensitive data: Clearly identify which types of data are sensitive and need to be logged when accessed or changed. Create a list with examples such as customer information or financial records.
- Managers should oversee a regular logging review: Schedule routine checks to ensure logs are properly recorded and any anomalies are caught early. Assign someone to be responsible for these regular reviews and establish a simple procedure for them.
- Procurement should acquire suitable logging tools: Purchase or subscribe to tools that can reliably gather and store logs from all relevant systems and are easy for your IT team to use. Consider tools recommended by the Australian Cyber Security Centre (ACSC).
- Training coordinators should educate staff: Provide training sessions for relevant staff about the importance of logging and how to handle logs securely. Include practical exercises that show how logs help spot security issues.
Audit / evidence tips
- Ask for the central logging configuration: Request documentation that describes the logging setup for API calls.
  Good: shows comprehensive coverage of sensitive actions.
- Ask for recent log reviews: Request records showing when recent log reviews were conducted and by whom.
  Good: includes regular review dates and documented follow-ups on anomalies.
- Ask to see data classification lists: Request lists or policies that identify sensitive data requiring logging.
  Good: aligns with your risk assessment and covers all critical data.
- Ask for staff training records: Request evidence of training sessions for staff involved in logging.
  Good: includes completed and up-to-date training that covers logging practices.
- Ask for a demonstration of logging tools: Request a walk-through of how your logging tools work and where logs are located.
  Good: shows a tool that effectively centralises logs and is easy for staff to manage.
Cross-framework mappings
How ISM-1910 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Relationship | Control | Notes |
|---|---|---|
| Supports | E8-AC-ML2.6 | ISM-1910 requires centrally logging internet-accessible network API calls that modify data or access non-public data |
| Supports | E8-MF-ML2.7 | ISM-1910 requires centrally logging internet-accessible network API calls that modify data or access non-public data |
| Supports | E8-RA-ML2.8 | ISM-1910 requires centrally logging internet-accessible network API calls that modify data or access non-public data |
| Supports | E8-AH-ML2.13 | ISM-1910 requires centrally logging internet-accessible network API calls that modify data or access non-public data |
| Depends on | E8-AC-ML2.7 | ISM-1910 requires centrally logging internet-accessible network API calls that modify data or access non-public data |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.