compliance controls are associated with this Policy definition 'Generate internal security alerts' (171e377b-5224-4a97-1eaa-62a3b5231dac)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| CIS_Azure_Foundations_v2.1.0 |
2.1.18 |
CIS_Azure_Foundations_v2.1.0_2.1.18 |
CIS Azure Foundations v2.1.0 2.1.18 |
Security Monitoring |
Ensure 'Additional email addresses' is Configured with a Security Contact Email |
Shared |
n/a |
Ensure that a security contact email is set up for alerts and notifications. |
|
3 |
| CIS_Azure_Foundations_v2.1.0 |
2.1.19 |
CIS_Azure_Foundations_v2.1.0_2.1.19 |
CIS Azure Foundations v2.1.0 2.1.19 |
Security Monitoring |
Ensure That 'Notify about alerts with the following severity' is Set to 'High' |
Shared |
n/a |
Configure alert notifications to be sent for high-severity issues only. |
|
3 |
| CIS_Controls_v8.1 |
13.11 |
CIS_Controls_v8.1_13.11 |
CIS Controls v8.1 13.11 |
Network Monitoring and Defense |
Tune security event alerting thresholds |
Shared |
Tune security event alerting thresholds monthly, or more frequently.
|
To regularly adjust and optimize security event alerting thresholds, aiming to enhance effectiveness. |
|
50 |
| CIS_Controls_v8.1 |
17.2 |
CIS_Controls_v8.1_17.2 |
CIS Controls v8.1 17.2 |
Incident Response Management |
Establish and maintain contact information for reporting security incidents |
Shared |
1. Establish and maintain contact information for parties that need to be informed of security incidents.
2. Contacts may include internal staff, third-party vendors, law enforcement, cyber insurance providers, relevant government agencies, Information Sharing and Analysis Center (ISAC) partners, or other stakeholders.
3. Verify contacts annually to ensure that information is up-to-date. |
To establish and maintain a comprehensive contact list for entities that need to be notified in the event of security incidents. |
|
3 |
| CIS_Controls_v8.1 |
4.1 |
CIS_Controls_v8.1_4.1 |
CIS Controls v8.1 4.1 |
Secure Configuration of Enterprise Assets and Software |
Establish and maintain a secure configuration process. |
Shared |
1. Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications).
2. Review and update documentation annually, or when significant enterprise changes occur that could impact this safeguard. |
To ensure data integrity and safety of enterprise assets. |
|
44 |
| FedRAMP_High_R4 |
SI-5 |
FedRAMP_High_R4_SI-5 |
FedRAMP High SI-5 |
System And Information Integrity |
Security Alerts, Advisories, And Directives |
Shared |
n/a |
The organization:
a. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;
b. Generates internal security alerts, advisories, and directives as deemed necessary;
c. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and
d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.
Supplemental Guidance: The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects
on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations. Related control: SI-2.
References: NIST Special Publication 800-40. |
link |
4 |
| FedRAMP_Moderate_R4 |
SI-5 |
FedRAMP_Moderate_R4_SI-5 |
FedRAMP Moderate SI-5 |
System And Information Integrity |
Security Alerts, Advisories, And Directives |
Shared |
n/a |
The organization:
a. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;
b. Generates internal security alerts, advisories, and directives as deemed necessary;
c. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and
d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.
Supplemental Guidance: The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects
on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations. Related control: SI-2.
References: NIST Special Publication 800-40. |
link |
4 |
| hipaa |
1222.09ab3System.8-09.ab |
hipaa-1222.09ab3System.8-09.ab |
1222.09ab3System.8-09.ab |
12 Audit Logging & Monitoring |
1222.09ab3System.8-09.ab 09.10 Monitoring |
Shared |
n/a |
The organization analyzes and correlates audit records across different repositories using a security information and event management (SIEM) tool or log analytics tools for log aggregation and consolidation from multiple systems/machines/devices, and correlates this information with input from non-technical sources to gain and enhance organization-wide situational awareness. Using the SIEM tool, the organization devise profiles of common events from given systems/machines/devices so that it can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts. |
|
10 |
| ISO27001-2013 |
A.6.1.4 |
ISO27001-2013_A.6.1.4 |
ISO 27001:2013 A.6.1.4 |
Organization of Information Security |
Contact with special interest groups |
Shared |
n/a |
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained. |
link |
6 |
| NIST_SP_800-53_R4 |
SI-5 |
NIST_SP_800-53_R4_SI-5 |
NIST SP 800-53 Rev. 4 SI-5 |
System And Information Integrity |
Security Alerts, Advisories, And Directives |
Shared |
n/a |
The organization:
a. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;
b. Generates internal security alerts, advisories, and directives as deemed necessary;
c. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and
d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.
Supplemental Guidance: The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects
on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations. Related control: SI-2.
References: NIST Special Publication 800-40. |
link |
4 |
| NIST_SP_800-53_R5 |
SI-5 |
NIST_SP_800-53_R5_SI-5 |
NIST SP 800-53 Rev. 5 SI-5 |
System and Information Integrity |
Security Alerts, Advisories, and Directives |
Shared |
n/a |
a. Receive system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;
b. Generate internal security alerts, advisories, and directives as deemed necessary;
c. Disseminate security alerts, advisories, and directives to: [Selection (OneOrMore): [Assignment: organization-defined personnel or roles] ; [Assignment: organization-defined elements within the organization] ; [Assignment: organization-defined external organizations] ] ; and
d. Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance. |
link |
4 |
|
op.exp.7 Incident management |
op.exp.7 Incident management |
404 not found |
|
|
|
n/a |
n/a |
|
103 |
|
org.2 Security regulations |
org.2 Security regulations |
404 not found |
|
|
|
n/a |
n/a |
|
100 |