last sync: 2024-Jul-26 18:17:39 UTC

Turn on sensors for endpoint security solution | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Turn on sensors for endpoint security solution
Id 5fc24b95-53f7-0ed1-2330-701b539b97fe
Version 1.1.0
Category Regulatory Compliance
Description CMA_0514 - Turn on sensors for endpoint security solution
Additional metadata Name/Id: CMA_0514 / CMA_0514
Category: Operational
Title: Turn on sensors for endpoint security solution
Ownership: Customer
Description: Microsoft recommends that your organization turn on an endpoint security solution sensor for collecting and processing behavioral signals from the operating system. How to Use Microsoft Solutions to Implement: Your organization can enable Microsoft Defender for Endpoint sensors to send the sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint. Without this enabled, the Microsoft Defender for Endpoint service will not be able to determine the security state of machines that are not sending sensor data. Select **Learn More** to troubleshoot Microsoft Defender for Endpoint. Learn More: [Troubleshoot Microsoft Defender for Endpoint onboarding issues](https://aka.ms/AAayo6k)
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual
Effect Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 39 compliance controls are associated with this Policy definition 'Turn on sensors for endpoint security solution' (5fc24b95-53f7-0ed1-2330-701b539b97fe)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 2 Security Center Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' Shared The customer is responsible for implementing this recommendation. Enable automatic provisioning of the monitoring agent to collect security data. link 3
CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 7 Virtual Machines Ensure that the endpoint protection for all Virtual Machines is installed Shared The customer is responsible for implementing this recommendation. Install endpoint protection for all virtual machines. link 11
CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 2 Security Center Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' Shared The customer is responsible for implementing this recommendation. Enable automatic provisioning of the monitoring agent to collect security data. link 3
CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 7 Virtual Machines Ensure that the endpoint protection for all Virtual Machines is installed Shared The customer is responsible for implementing this recommendation. Install endpoint protection for all virtual machines. link 11
CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 2 Microsoft Defender for Cloud Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' Shared The customer is responsible for implementing this recommendation. Enable automatic provisioning of the monitoring agent to collect security data. link 3
CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 7 Virtual Machines Ensure that the endpoint protection for all Virtual Machines is installed Shared The customer is responsible for implementing this recommendation. Install endpoint protection for all virtual machines. link 11
CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 2.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' Shared n/a Enable automatic provisioning of the monitoring agent to collect security data. When `Log Analytics agent for Azure VMs` is turned on, Microsoft Defender for Cloud provisions the Microsoft Monitoring Agent on all existing supported Azure virtual machines and any new ones that are created. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts. link 3
CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 7 Ensure that Endpoint Protection for all Virtual Machines is installed Shared Endpoint protection will incur an additional cost to you. Install endpoint protection for all virtual machines. Installing endpoint protection systems (like anti-malware for Azure) provides for real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. These also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems. link 11
FedRAMP_High_R4 CA-7 FedRAMP_High_R4_CA-7 FedRAMP High CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. 
Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
FedRAMP_High_R4 SI-4(2) FedRAMP_High_R4_SI-4(2) FedRAMP High SI-4 (2) System And Information Integrity Automated Tools For Real-Time Analysis Shared n/a The organization employs automated tools to support near real-time analysis of events. Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. link 2
FedRAMP_Moderate_R4 CA-7 FedRAMP_Moderate_R4_CA-7 FedRAMP Moderate CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. 
Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
FedRAMP_Moderate_R4 SI-4(2) FedRAMP_Moderate_R4_SI-4(2) FedRAMP Moderate SI-4 (2) System And Information Integrity Automated Tools For Real-Time Analysis Shared n/a The organization employs automated tools to support near real-time analysis of events. Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. link 2
hipaa 0604.06g2Organizational.2-06.g hipaa-0604.06g2Organizational.2-06.g 0604.06g2Organizational.2-06.g 06 Configuration Management 0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a The organization has developed a continuous monitoring strategy and implemented a continuous monitoring program. 7
hipaa 069.06g2Organizational.56-06.g hipaa-069.06g2Organizational.56-06.g 069.06g2Organizational.56-06.g 06 Configuration Management 069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance Shared n/a The internal security organization reviews and maintains records of compliance results (e.g., organization-defined metrics) in order to better track security trends within the organization, respond to the results of correlation and analysis, and address longer term areas of concern as part of its formal risk assessment process. 7
hipaa 0824.09m3Organizational.1-09.m hipaa-0824.09m3Organizational.1-09.m 0824.09m3Organizational.1-09.m 08 Network Protection 0824.09m3Organizational.1-09.m 09.06 Network Security Management Shared n/a The impact of the loss of network service to the business is defined. 10
hipaa 0835.09n1Organizational.1-09.n hipaa-0835.09n1Organizational.1-09.n 0835.09n1Organizational.1-09.n 08 Network Protection 0835.09n1Organizational.1-09.n 09.06 Network Security Management Shared n/a Agreed services provided by a network service provider/manager are formally managed and monitored to ensure they are provided securely. 7
hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 12 Audit Logging & Monitoring 1216.09ab3System.12-09.ab 09.10 Monitoring Shared n/a Automated systems are used to review monitoring activities of security systems (e.g., IPS/IDS) and system records on a daily basis, and identify and document anomalies. 20
hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 12 Audit Logging & Monitoring 1218.09ab3System.47-09.ab 09.10 Monitoring Shared n/a Automated systems support near real-time analysis and alerting of events (e.g., malicious code, potential intrusions) and integrate intrusion detection into access and flow control mechanisms. 7
hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 15 Incident Management 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a Intrusion detection/information protection system (IDS/IPS) alerts are utilized for reporting information security events. 17
ISO27001-2013 A.18.2.2 ISO27001-2013_A.18.2.2 ISO 27001:2013 A.18.2.2 Compliance Compliance with security policies and standards Shared n/a Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. link 36
ISO27001-2013 C.9.1.a ISO27001-2013_C.9.1.a ISO 27001:2013 C.9.1.a Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. The organization shall determine: a) what needs to be monitored and measured, including information security processes and controls. link 3
ISO27001-2013 C.9.1.b ISO27001-2013_C.9.1.b ISO 27001:2013 C.9.1.b Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. The organization shall determine: b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results. link 3
ISO27001-2013 C.9.1.c ISO27001-2013_C.9.1.c ISO 27001:2013 C.9.1.c Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. c) when the monitoring and measuring shall be performed. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.d ISO27001-2013_C.9.1.d ISO 27001:2013 C.9.1.d Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. d) who shall monitor and measure; The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.e ISO27001-2013_C.9.1.e ISO 27001:2013 C.9.1.e Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. e) when the results from monitoring and measurement shall be analysed and evaluated. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
ISO27001-2013 C.9.1.f ISO27001-2013_C.9.1.f ISO 27001:2013 C.9.1.f Performance Evaluation Monitoring, measurement, analysis and evaluation Shared n/a The organization shall evaluate the information security performance and the effectiveness of the information security management system. NOTE The methods selected should produce comparable and reproducible results to be considered valid. f) who shall analyse and evaluate these results. The organization shall retain appropriate documented information as evidence of the monitoring and measurement results. link 3
NIST_SP_800-171_R2_3 .12.3 NIST_SP_800-171_R2_3.12.3 NIST SP 800-171 R2 3.12.3 Security Assessment Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. Shared Microsoft and the customer share responsibilities for implementing this requirement. Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and analyze security controls and information security-related risks at a frequency sufficient to support risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Providing access to security information on a continuing basis through reports or dashboards gives organizational officials the capability to make effective and timely risk management decisions. Automation supports more frequent updates to hardware, software, firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Monitoring requirements, including the need for specific monitoring, may also be referenced in other requirements. [SP 800-137] provides guidance on continuous monitoring. link 3
NIST_SP_800-171_R2_3 .14.6 NIST_SP_800-171_R2_3.14.6 NIST SP 800-171 R2 3.14.6 System and Information Integrity Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. Shared Microsoft and the customer share responsibilities for implementing this requirement. System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system. Organizations can monitor systems, for example, by observing audit record activities in real time or by observing other system aspects such as access patterns, characteristics of access, and other actions. The monitoring objectives may guide determination of the events. System monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Strategic locations for monitoring devices include selected perimeter locations and near server farms supporting critical applications, with such devices being employed at managed system interfaces. The granularity of monitoring information collected is based on organizational monitoring objectives and the capability of systems to support such objectives. System monitoring is an integral part of continuous monitoring and incident response programs. Output from system monitoring serves as input to continuous monitoring and incident response programs. A network connection is any connection with a device that communicates through a network (e.g., local area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). 
Local, network, and remote connections can be either wired or wireless. Unusual or unauthorized activities or conditions related to inbound/outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements. [SP 800-94] provides guidance on intrusion detection and prevention systems. link 28
NIST_SP_800-53_R4 CA-7 NIST_SP_800-53_R4_CA-7 NIST SP 800-53 Rev. 4 CA-7 Security Assessment And Authorization Continuous Monitoring Shared n/a The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; e. Correlation and analysis of security-related information generated by assessments and monitoring; f. Response actions to address results of the analysis of security-related information; and g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. 
Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4. References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. link 3
NIST_SP_800-53_R4 SI-4(2) NIST_SP_800-53_R4_SI-4(2) NIST SP 800-53 Rev. 4 SI-4 (2) System And Information Integrity Automated Tools For Real-Time Analysis Shared n/a The organization employs automated tools to support near real-time analysis of events. Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. link 2
NIST_SP_800-53_R5 CA-7 NIST_SP_800-53_R5_CA-7 NIST SP 800-53 Rev. 5 CA-7 Assessment, Authorization, and Monitoring Continuous Monitoring Shared n/a Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes: a. Establishing the following system-level metrics to be monitored: [Assignment: organization-defined system-level metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; c. Ongoing control assessments in accordance with the continuous monitoring strategy; d. Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy; e. Correlation and analysis of information generated by control assessments and monitoring; f. Response actions to address results of the analysis of control assessment and monitoring information; and g. Reporting the security and privacy status of the system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. link 3
NIST_SP_800-53_R5 SI-4(2) NIST_SP_800-53_R5_SI-4(2) NIST SP 800-53 Rev. 5 SI-4 (2) System and Information Integrity Automated Tools and Mechanisms for Real-time Analysis Shared n/a Employ automated tools and mechanisms to support near real-time analysis of events. link 2
op.mon.2 Metrics system op.mon.2 Metrics system 404 not found n/a n/a 3
org.2 Security regulations org.2 Security regulations 404 not found n/a n/a 100
PCI_DSS_v4.0 12.4.2 PCI_DSS_v4.0_12.4.2 PCI DSS v4.0 12.4.2 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Reviews are performed at least once every three months, by personnel other than those responsible for performing the given task to confirm personnel are performing their tasks, in accordance with all security policies and all operational procedures, including but not limited to the following tasks: • Daily log reviews. • Configuration reviews for network security controls. • Applying configuration standards to new systems. • Responding to security alerts. • Change-management processes. link 6
PCI_DSS_v4.0 12.4.2.1 PCI_DSS_v4.0_12.4.2.1 PCI DSS v4.0 12.4.2.1 Requirement 12: Support Information Security with Organizational Policies and Programs PCI DSS compliance is managed Shared n/a Reviews conducted in accordance with Requirement 12.4.2 are documented to include: • Results of the reviews. • Documented remediation actions taken for any tasks that were found to not be performed at Requirement 12.4.2. • Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. link 7
SOC_2 CC5.3 SOC_2_CC5.3 SOC 2 Type 2 CC5.3 Control Activities COSO Principle 12 Shared The customer is responsible for implementing this recommendation. Establishes Policies and Procedures to Support Deployment of Management’s Directives — Management establishes control activities that are built into business processes and employees’ day-to-day activities through policies establishing what is expected and relevant procedures specifying actions. • Establishes Responsibility and Accountability for Executing Policies and Procedures — Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside. • Performs in a Timely Manner — Responsible personnel perform control activities in a timely manner as defined by the policies and procedures. • Takes Corrective Action — Responsible personnel investigate and act on matters identified as a result of executing control activities. • Performs Using Competent Personnel — Competent personnel with sufficient authority perform control activities with diligence and continuing focus. • Reassesses Policies and Procedures — Management periodically reviews control activities to determine their continued relevance and refreshes them when necessary 4
SWIFT_CSCF_v2022 11.1 SWIFT_CSCF_v2022_11.1 SWIFT CSCF v2022 11.1 11. Monitor in case of Major Disaster Ensure a consistent and effective approach for the event monitoring and escalation. Shared n/a Ensure a consistent and effective approach for the event monitoring and escalation. link 5
SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A 6. Detect Anomalous Activity to Systems or Transaction Records Detect and contain anomalous network activity into and within the local or remote SWIFT environment. Shared n/a Intrusion detection is implemented to detect unauthorised network access and anomalous activity. link 18
Initiatives usage
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
|---|---|---|---|---|
| CIS Microsoft Azure Foundations Benchmark v1.1.0 | 1a5bb27d-173f-493e-9568-eb56638dde4d | Regulatory Compliance | GA | BuiltIn |
| CIS Microsoft Azure Foundations Benchmark v1.3.0 | 612b5213-9160-4969-8578-1518bd2a000c | Regulatory Compliance | GA | BuiltIn |
| CIS Microsoft Azure Foundations Benchmark v1.4.0 | c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 | Regulatory Compliance | GA | BuiltIn |
| CIS Microsoft Azure Foundations Benchmark v2.0.0 | 06f19060-9e68-4070-92ca-f15cc126059e | Regulatory Compliance | GA | BuiltIn |
| FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn |
| FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn |
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
| ISO 27001:2013 | 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-171 Rev. 2 | 03055927-78bd-4236-86c0-f36125a10dc9 | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn |
| NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn |
| PCI DSS v4 | c676748e-3af9-4e22-bc28-50feed564afb | Regulatory Compliance | GA | BuiltIn |
| SOC 2 Type 2 | 4054785f-702b-4a98-9215-009cbd58b141 | Regulatory Compliance | GA | BuiltIn |
| Spain ENS | 175daf90-21e1-4fec-b745-7b4c909aa94c | Regulatory Compliance | GA | BuiltIn |
| SWIFT CSP-CSCF v2022 | 7bc7cd6c-4114-ff31-3cac-59be3157596d | Regulatory Compliance | GA | BuiltIn |
History
| Date/Time (UTC ymd) | Change type | Change detail |
|---|---|---|
| 2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0) |
| 2022-09-02 16:33:37 | add | 5fc24b95-53f7-0ed1-2330-701b539b97fe |