Which measures protect logging integrity in Annex B?

Protecting logging integrity means making sure logs are trustworthy, tamper-evident, and verifiable. The best option combines three ideas: write-once or tamper-evident storage so entries can’t be altered without detection; centralized storage so there’s a single, auditable repository with consistent security controls; and cryptographic signing to authenticate each log entry and prove it hasn’t been changed. Together, these measures cover detection of tampering, trustworthy provenance, and an authoritative record that can be validated later. Rotating or deleting logs to save space can erase evidence and doesn’t prevent or reveal tampering. Centralized storage helps with consistency and access control, but without tamper detection and signing, changes could go unnoticed. Storing logs only on local devices concentrates risk in a single device that could be compromised or lost, making them harder to verify and recover.