compliance controls are associated with this Policy definition 'Diagnostic logs in Azure AI services resources should be enabled' (1b4d1c4e-934c-4703-944c-27c82c06bebb)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
Azure_Security_Benchmark_v3.0 |
LT-3 |
Azure_Security_Benchmark_v3.0_LT-3 |
Microsoft cloud security benchmark LT-3 |
Logging and Threat Detection |
Enable logging for security investigation |
Shared |
**Security Principle:**
Enable logging for your cloud resources to meet the requirements for security incident investigations and security response and compliance purposes.
**Azure Guidance:**
Enable logging capability for resources at the different tiers, such as logs for Azure resources, operating systems and applications inside in your VMs and other log types.
Be mindful about different type of logs for security, audit, and other operation logs at the management/control plane and data plane tiers. There are three types of the logs available at the Azure platform:
- Azure resource log: Logging of operations that are performed within an Azure resource (the data plane). For example, getting a secret from a key vault or making a request to a database. The content of resource logs varies by the Azure service and resource type.
- Azure activity log: Logging of operations on each Azure resource at the subscription layer, from the outside (the management plane). You can use the Activity Log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. There is a single Activity log for each Azure subscription.
- Microsoft Entra logs: Logs of the history of sign-in activity and audit trail of changes made in the Microsoft Entra ID for a particular tenant.
You can also use Microsoft Defender for Cloud and Azure Policy to enable resource logs and log data collecting on Azure resources.
**Implementation and additional context:**
Understand logging and different log types in Azure:
https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview
Understand Microsoft Defender for Cloud data collection:
https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection
Enable and configure antimalware monitoring:
https://docs.microsoft.com/azure/security/fundamentals/antimalware#enable-and-configure-antimalware-monitoring-using-powershell-cmdlets
Operating systems and application logs inside in your compute resources:
https://docs.microsoft.com/azure/azure-monitor/agents/data-sources#operating-system-guest |
n/a |
link |
16 |
EU_AI_Act_2024_1689 |
12.1 |
EU_AI_Act_2024_1689_12.1 |
EU AI Act 2024 1689 12.1 |
12 |
Enable Automated Event Logging for High-Risk AI Systems |
Shared |
n/a |
Allow for the automatic recording of events (logs) over the operational lifetime of a high-risk AI system for accountability and traceability of actions taken by the system. |
|
1 |
EU_AI_Act_2024_1689 |
12.2 |
EU_AI_Act_2024_1689_12.2 |
EU AI Act 2024 1689 12.2 |
12 |
Enable Logging Capabilities for High-Risk AI Systems to Support Traceability |
Shared |
n/a |
Enable logging capabilities in high-risk AI systems to record events relevant for identifying risks, supporting post-market monitoring, and tracking system operations to ensure traceability aligned with the system’s purpose. |
|
1 |
EU_AI_Act_2024_1689 |
15.5 |
EU_AI_Act_2024_1689_15.5 |
EU AI Act 2024 1689 15.5 |
15 |
Implement Cybersecurity Measures for High-Risk AI Systems |
Shared |
n/a |
Confirm high-risk AI systems are resilient against unauthorized attempts to alter their use or performance. Implement appropriate technical solutions to address vulnerabilities, including measures to prevent, detect, and respond to data poisoning, model poisoning, and adversarial attacks. |
|
6 |
EU_AI_Act_2024_1689 |
55.1d |
EU_AI_Act_2024_1689_55.1d |
EU AI Act 2024 1689 55.1d |
55 |
Ensure Cybersecurity for General-Purpose AI Models with Systemic Risk |
Shared |
n/a |
Ensure, as required for AI providers of general-purpose AI models with systemic risk, an adequate level of cybersecurity for both the model and its supporting physical infrastructure. |
|
6 |
K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
455 |
K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
431 |
K_ISMS_P_2018 |
2.11.1 |
K_ISMS_P_2018_2.11.1 |
K ISMS P 2018 2.11.1 |
2.11 |
Establish Procedures for Managing Internal and External Intrusion Attempts |
Shared |
n/a |
Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. |
|
82 |
K_ISMS_P_2018 |
2.11.5 |
K_ISMS_P_2018_2.11.5 |
K ISMS P 2018 2.11.5 |
2.11 |
Establish Procedures to Respond and Recover from Incidents |
Shared |
n/a |
Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. |
|
82 |
NIS2 |
LT._Logging_and_Threat_Detection_1 |
NIS2_LT._Logging_and_Threat_Detection_1 |
NIS2_LT._Logging_and_Threat_Detection_1 |
LT. Logging and Threat Detection |
Risk analysis & information system security policies |
|
n/a |
Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed.
In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation. |
|
24 |
NIST_AI_RMF_v1.0 |
3.2.4 |
NIST_AI_RMF_v1.0_3.2.4 |
NIST AI RMF v1.0 3.2.4 |
3.2 |
Monitor AI System Functionality and Behavior in Production |
Shared |
n/a |
Monitor the functionality and behavior of the AI system and its components when in production. |
|
1 |
NIST_AI_RMF_v1.0 |
4.2.3 |
NIST_AI_RMF_v1.0_4.2.3 |
NIST AI RMF v1.0 4.2.3 |
4.2 |
Establish Procedures for Responding to Unknown Risks |
Shared |
n/a |
Establish procedures to respond to and recover from a previously unknown risk when it is identified. |
|
1 |
NIST_AI_RMF_v1.0 |
4.3.2 |
NIST_AI_RMF_v1.0_4.3.2 |
NIST AI RMF v1.0 4.3.2 |
4.3 |
Monitor Pre-Trained Models in AI System Maintenance |
Shared |
n/a |
Monitor pre-trained models used for development as part of the regular monitoring and maintenance of the AI system. |
|
1 |
NIST_AI_RMF_v1.0 |
4.4.1 |
NIST_AI_RMF_v1.0_4.4.1 |
NIST AI RMF v1.0 4.4.1 |
4.4 |
Implement Post-Deployment Monitoring Plans for AI Systems |
Shared |
n/a |
Implement post-deployment AI system monitoring plans, including mechanisms for capturing and evaluating input from users and other relevant AI actors, as well as for appeal and override, decommissioning, incident response, recovery, and change management. |
|
1 |
|
U.15.1 - Events Logged |
U.15.1 - Events Logged |
404 not found |
|
|
|
n/a |
n/a |
|
51 |