compliance controls are associated with this Policy definition 'All flow log resources should be in enabled state' (27960feb-a23c-4577-8d36-ef8b5f35e0be)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| CIS_Azure_2.0.0 |
5.1.6 |
CIS_Azure_2.0.0_5.1.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 |
5.1 |
Ensure that Network Security Group Flow logs are captured and sent to Log Analytics |
Shared |
The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace.
This will increase the amount of data stored and used by Azure Monitor. |
Ensure that network flow logs are captured and fed into a central log analytics workspace.
Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc. |
link |
3 |
| K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
408 |
| K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
385 |
| K_ISMS_P_2018 |
2.11.1 |
K_ISMS_P_2018_2.11.1 |
K ISMS P 2018 2.11.1 |
2.11 |
Establish Procedures for Managing Internal and External Intrusion Attempts |
Shared |
n/a |
Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. |
|
57 |
| K_ISMS_P_2018 |
2.11.3 |
K_ISMS_P_2018_2.11.3 |
K ISMS P 2018 2.11.3 |
2.11 |
Collect, Monitor, and Analyze Data and Network Traffic |
Shared |
n/a |
Collect, monitor, and analyze data and network traffic to respond to internal or external infringement attempts in a timely manner. |
|
31 |
| K_ISMS_P_2018 |
2.11.5 |
K_ISMS_P_2018_2.11.5 |
K ISMS P 2018 2.11.5 |
2.11 |
Establish Procedures to Respond and Recover from Incidents |
Shared |
n/a |
Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. |
|
57 |
| K_ISMS_P_2018 |
2.9.2a |
K_ISMS_P_2018_2.9.2a |
K ISMS P 2018 2.9.2a |
2.9.2a |
Establish Procedures for Information System Failures |
Shared |
n/a |
Establish procedures to detect, record, analyze, report, and respond to information system failures. |
|
39 |
| K_ISMS_P_2018 |
2.9.4 |
K_ISMS_P_2018_2.9.4 |
K ISMS P 2018 2.9.4 |
2.9 |
Maintain Logs and Establish Log Management Procedures |
Shared |
n/a |
Maintain log records for servers, applications, security systems, and networks. Define log types, access permissions, retention periods, and storage methods to ensure secure retention and prevent forgery, alteration, theft, and loss. |
|
45 |
|
op.mon.1 Intrusion detection |
op.mon.1 Intrusion detection |
404 not found |
|
|
|
n/a |
n/a |
|
50 |
| RBI_CSF_Banks_v2016 |
15.1 |
RBI_CSF_Banks_v2016_15.1 |
|
Data Leak Prevention Strategy |
Data Leak Prevention Strategy-15.1 |
|
n/a |
Develop a comprehensive data loss/leakage prevention strategy to safeguard sensitive (including confidential)business and customer data/information. |
|
4 |
| RBI_CSF_Banks_v2016 |
16.1 |
RBI_CSF_Banks_v2016_16.1 |
|
Maintenance, Monitoring, And Analysis Of Audit Logs |
Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 |
|
n/a |
Consult all the stakeholders before finalising the scope, frequency and storage of log collection. |
|
5 |
| RBI_ITF_NBFC_v2017 |
3.1.g |
RBI_ITF_NBFC_v2017_3.1.g |
RBI IT Framework 3.1.g |
Information and Cyber Security |
Trails-3.1 |
|
n/a |
The IS Policy must provide for a IS framework with the following basic tenets:
Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. |
link |
33 |
| RBI_ITF_NBFC_v2017 |
5 |
RBI_ITF_NBFC_v2017_5 |
RBI IT Framework 5 |
IS Audit |
Policy for Information System Audit (IS Audit)-5 |
|
n/a |
The objective of the IS Audit is to provide an insight on the effectiveness of controls that are in place to ensure confidentiality, integrity and availability of the organization???s IT infrastructure. IS Audit shall identify risks and methods to mitigate risk arising out of IT infrastructure such as server architecture, local and wide area networks, physical and information security, telecommunications etc. |
link |
14 |
| RMiT_v1.0 |
10.33 |
RMiT_v1.0_10.33 |
RMiT 10.33 |
Network Resilience |
Network Resilience - 10.33 |
Shared |
n/a |
A financial institution must design a reliable, scalable and secure enterprise network that is able to support its business activities, including future growth plans. |
link |
27 |
| RMiT_v1.0 |
Appendix_5.7 |
RMiT_v1.0_Appendix_5.7 |
RMiT Appendix 5.7 |
Control Measures on Cybersecurity |
Control Measures on Cybersecurity - Appendix 5.7 |
Customer |
n/a |
Ensure overall network security controls are implemented including the following:
(a) dedicated firewalls at all segments. All external-facing firewalls must be deployed on High Availability (HA) configuration and “fail-close” mode activated. Deploy different brand name/model for two firewalls located in sequence within the same network path;
(b) IPS at all critical network segments with the capability to inspect and monitor encrypted network traffic;
(c) web and email filtering systems such as web-proxy, spam filter and anti-spoofing controls;
(d) endpoint protection solution to detect and remove security threats including viruses and malicious software;
(e) solution to mitigate advanced persistent threats including zero-day and signatureless malware; and
(f) capture the full network packets to rebuild relevant network sessions to aid forensics in the event of incidents. |
link |
21 |
| SWIFT_CSCF_v2022 |
6.4 |
SWIFT_CSCF_v2022_6.4 |
SWIFT CSCF v2022 6.4 |
6. Detect Anomalous Activity to Systems or Transaction Records |
Record security events and detect anomalous actions and operations within the local SWIFT environment. |
Shared |
n/a |
Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. |
link |
47 |