compliance controls are associated with this Policy definition 'Turn on sensors for endpoint security solution' (5fc24b95-53f7-0ed1-2330-701b539b97fe)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
CIS_Azure_1.1.0 |
2.2 |
CIS_Azure_1.1.0_2.2 |
CIS Microsoft Azure Foundations Benchmark recommendation 2.2 |
2 Security Center |
Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' |
Shared |
The customer is responsible for implementing this recommendation. |
Enable automatic provisioning of the monitoring agent to collect security data. |
link |
2 |
CIS_Azure_1.1.0 |
7.6 |
CIS_Azure_1.1.0_7.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 7.6 |
7 Virtual Machines |
Ensure that the endpoint protection for all Virtual Machines is installed |
Shared |
The customer is responsible for implementing this recommendation. |
Install endpoint protection for all virtual machines. |
link |
10 |
CIS_Azure_1.3.0 |
2.11 |
CIS_Azure_1.3.0_2.11 |
CIS Microsoft Azure Foundations Benchmark recommendation 2.11 |
2 Security Center |
Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' |
Shared |
The customer is responsible for implementing this recommendation. |
Enable automatic provisioning of the monitoring agent to collect security data. |
link |
2 |
CIS_Azure_1.3.0 |
7.6 |
CIS_Azure_1.3.0_7.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 7.6 |
7 Virtual Machines |
Ensure that the endpoint protection for all Virtual Machines is installed |
Shared |
The customer is responsible for implementing this recommendation. |
Install endpoint protection for all virtual machines. |
link |
10 |
CIS_Azure_1.4.0 |
2.11 |
CIS_Azure_1.4.0_2.11 |
CIS Microsoft Azure Foundations Benchmark recommendation 2.11 |
2 Microsoft Defender for Cloud |
Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' |
Shared |
The customer is responsible for implementing this recommendation. |
Enable automatic provisioning of the monitoring agent to collect security data. |
link |
2 |
CIS_Azure_1.4.0 |
7.6 |
CIS_Azure_1.4.0_7.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 7.6 |
7 Virtual Machines |
Ensure that the endpoint protection for all Virtual Machines is installed |
Shared |
The customer is responsible for implementing this recommendation. |
Install endpoint protection for all virtual machines. |
link |
10 |
CIS_Azure_2.0.0 |
2.1.15 |
CIS_Azure_2.0.0_2.1.15 |
CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 |
2.1 |
Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' |
Shared |
n/a |
Enable automatic provisioning of the monitoring agent to collect security data.
When `Log Analytics agent for Azure VMs` is turned on, Microsoft Defender for Cloud provisions the Microsoft Monitoring Agent on all existing supported Azure virtual machines and any new ones that are created. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts. |
link |
2 |
CIS_Azure_2.0.0 |
7.6 |
CIS_Azure_2.0.0_7.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 7.6 |
7 |
Ensure that Endpoint Protection for all Virtual Machines is installed |
Shared |
Endpoint protection will incur an additional cost to you. |
Install endpoint protection for all virtual machines.
Installing endpoint protection systems (like anti-malware for Azure) provides for real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. These also offer configurable alerts when known-malicious or unwanted software attempts to install itself or run on Azure systems. |
link |
10 |
FedRAMP_High_R4 |
CA-7 |
FedRAMP_High_R4_CA-7 |
FedRAMP High CA-7 |
Security Assessment And Authorization |
Continuous Monitoring |
Shared |
n/a |
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:
a. Establishment of [Assignment: organization-defined metrics] to be monitored;
b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;
c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;
d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;
e. Correlation and analysis of security-related information generated by assessments and monitoring;
f. Response actions to address results of the analysis of security-related information; and
g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].
Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4.
References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. |
link |
3 |
FedRAMP_High_R4 |
SI-4(2) |
FedRAMP_High_R4_SI-4(2) |
FedRAMP High SI-4 (2) |
System And Information Integrity |
Automated Tools For Real-Time Analysis |
Shared |
n/a |
The organization employs automated tools to support near real-time analysis of events.
Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. |
link |
2 |
FedRAMP_Moderate_R4 |
CA-7 |
FedRAMP_Moderate_R4_CA-7 |
FedRAMP Moderate CA-7 |
Security Assessment And Authorization |
Continuous Monitoring |
Shared |
n/a |
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:
a. Establishment of [Assignment: organization-defined metrics] to be monitored;
b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;
c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;
d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;
e. Correlation and analysis of security-related information generated by assessments and monitoring;
f. Response actions to address results of the analysis of security-related information; and
g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].
Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4.
References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. |
link |
3 |
FedRAMP_Moderate_R4 |
SI-4(2) |
FedRAMP_Moderate_R4_SI-4(2) |
FedRAMP Moderate SI-4 (2) |
System And Information Integrity |
Automated Tools For Real-Time Analysis |
Shared |
n/a |
The organization employs automated tools to support near real-time analysis of events.
Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. |
link |
2 |
hipaa |
0604.06g2Organizational.2-06.g |
hipaa-0604.06g2Organizational.2-06.g |
0604.06g2Organizational.2-06.g |
06 Configuration Management |
0604.06g2Organizational.2-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance |
Shared |
n/a |
The organization has developed a continuous monitoring strategy and implemented a continuous monitoring program. |
|
7 |
hipaa |
069.06g2Organizational.56-06.g |
hipaa-069.06g2Organizational.56-06.g |
069.06g2Organizational.56-06.g |
06 Configuration Management |
069.06g2Organizational.56-06.g 06.02 Compliance with Security Policies and Standards, and Technical Compliance |
Shared |
n/a |
The internal security organization reviews and maintains records of compliance results (e.g., organization-defined metrics) in order to better track security trends within the organization, respond to the results of correlation and analysis, and address longer term areas of concern as part of its formal risk assessment process. |
|
7 |
hipaa |
0824.09m3Organizational.1-09.m |
hipaa-0824.09m3Organizational.1-09.m |
0824.09m3Organizational.1-09.m |
08 Network Protection |
0824.09m3Organizational.1-09.m 09.06 Network Security Management |
Shared |
n/a |
The impact of the loss of network service to the business is defined. |
|
10 |
hipaa |
0835.09n1Organizational.1-09.n |
hipaa-0835.09n1Organizational.1-09.n |
0835.09n1Organizational.1-09.n |
08 Network Protection |
0835.09n1Organizational.1-09.n 09.06 Network Security Management |
Shared |
n/a |
Agreed services provided by a network service provider/manager are formally managed and monitored to ensure they are provided securely. |
|
7 |
hipaa |
1216.09ab3System.12-09.ab |
hipaa-1216.09ab3System.12-09.ab |
1216.09ab3System.12-09.ab |
12 Audit Logging & Monitoring |
1216.09ab3System.12-09.ab 09.10 Monitoring |
Shared |
n/a |
Automated systems are used to review monitoring activities of security systems (e.g., IPS/IDS) and system records on a daily basis, and identify and document anomalies. |
|
20 |
hipaa |
1218.09ab3System.47-09.ab |
hipaa-1218.09ab3System.47-09.ab |
1218.09ab3System.47-09.ab |
12 Audit Logging & Monitoring |
1218.09ab3System.47-09.ab 09.10 Monitoring |
Shared |
n/a |
Automated systems support near real-time analysis and alerting of events (e.g., malicious code, potential intrusions) and integrate intrusion detection into access and flow control mechanisms. |
|
7 |
hipaa |
1512.11a2Organizational.8-11.a |
hipaa-1512.11a2Organizational.8-11.a |
1512.11a2Organizational.8-11.a |
15 Incident Management |
1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
Intrusion detection/information protection system (IDS/IPS) alerts are utilized for reporting information security events. |
|
17 |
ISO27001-2013 |
A.18.2.2 |
ISO27001-2013_A.18.2.2 |
ISO 27001:2013 A.18.2.2 |
Compliance |
Compliance with security policies and standards |
Shared |
n/a |
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. |
link |
36 |
ISO27001-2013 |
C.9.1.a |
ISO27001-2013_C.9.1.a |
ISO 27001:2013 C.9.1.a |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
The organization shall determine:
a) what needs to be monitored and measured, including information security processes and controls. |
link |
3 |
ISO27001-2013 |
C.9.1.b |
ISO27001-2013_C.9.1.b |
ISO 27001:2013 C.9.1.b |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
The organization shall determine:
b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure
valid results. |
link |
3 |
ISO27001-2013 |
C.9.1.c |
ISO27001-2013_C.9.1.c |
ISO 27001:2013 C.9.1.c |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
NOTE The methods selected should produce comparable and reproducible results to be considered valid.
c) when the monitoring and measuring shall be performed.
The organization shall retain appropriate documented information as evidence of the monitoring and
measurement results. |
link |
3 |
ISO27001-2013 |
C.9.1.d |
ISO27001-2013_C.9.1.d |
ISO 27001:2013 C.9.1.d |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
NOTE The methods selected should produce comparable and reproducible results to be considered valid.
d) who shall monitor and measure;
The organization shall retain appropriate documented information as evidence of the monitoring and
measurement results. |
link |
3 |
ISO27001-2013 |
C.9.1.e |
ISO27001-2013_C.9.1.e |
ISO 27001:2013 C.9.1.e |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
NOTE The methods selected should produce comparable and reproducible results to be considered valid.
e) when the results from monitoring and measurement shall be analysed and evaluated.
The organization shall retain appropriate documented information as evidence of the monitoring and
measurement results. |
link |
3 |
ISO27001-2013 |
C.9.1.f |
ISO27001-2013_C.9.1.f |
ISO 27001:2013 C.9.1.f |
Performance Evaluation |
Monitoring, measurement, analysis and evaluation |
Shared |
n/a |
The organization shall evaluate the information security performance and the effectiveness of the
information security management system.
NOTE The methods selected should produce comparable and reproducible results to be considered valid.
f) who shall analyse and evaluate these results.
The organization shall retain appropriate documented information as evidence of the monitoring and
measurement results. |
link |
3 |
NIST_SP_800-171_R2_3 |
.12.3 |
NIST_SP_800-171_R2_3.12.3 |
NIST SP 800-171 R2 3.12.3 |
Security Assessment |
Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and analyze security controls and information security-related risks at a frequency sufficient to support risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Providing access to security information on a continuing basis through reports or dashboards gives organizational officials the capability to make effective and timely risk management decisions. Automation supports more frequent updates to hardware, software, firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Monitoring requirements, including the need for specific monitoring, may also be referenced in other requirements. [SP 800-137] provides guidance on continuous monitoring. |
link |
3 |
NIST_SP_800-171_R2_3 |
.14.6 |
NIST_SP_800-171_R2_3.14.6 |
NIST SP 800-171 R2 3.14.6 |
System and Information Integrity |
Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system. Organizations can monitor systems, for example, by observing audit record activities in real time or by observing other system aspects such as access patterns, characteristics of access, and other actions. The monitoring objectives may guide determination of the events. System monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Strategic locations for monitoring devices include selected perimeter locations and near server farms supporting critical applications, with such devices being employed at managed system interfaces. The granularity of monitoring information collected is based on organizational monitoring objectives and the capability of systems to support such objectives. System monitoring is an integral part of continuous monitoring and incident response programs. Output from system monitoring serves as input to continuous monitoring and incident response programs. A network connection is any connection with a device that communicates through a network (e.g., local area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). Local, network, and remote connections can be either wired or wireless. Unusual or unauthorized activities or conditions related to inbound/outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements. [SP 800-94] provides guidance on intrusion detection and prevention systems. |
link |
27 |
NIST_SP_800-53_R4 |
CA-7 |
NIST_SP_800-53_R4_CA-7 |
NIST SP 800-53 Rev. 4 CA-7 |
Security Assessment And Authorization |
Continuous Monitoring |
Shared |
n/a |
The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:
a. Establishment of [Assignment: organization-defined metrics] to be monitored;
b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;
c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;
d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;
e. Correlation and analysis of security-related information generated by assessments and monitoring;
f. Response actions to address results of the analysis of security-related information; and
g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].
Supplemental Guidance: Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess/analyze security controls and information security-related risks at a frequency sufficient to support organizational risk-based decisions. The results of continuous monitoring programs generate appropriate risk response actions by organizations. Continuous monitoring programs also allow organizations to maintain the security authorizations of information systems and common controls over time in highly dynamic environments of operation with changing mission/business needs, threats, vulnerabilities, and technologies. Having access to security-related information on a continuing basis through reports/dashboards gives organizational officials the capability to make more effective and timely risk management decisions, including ongoing security authorization decisions. Automation supports more frequent updates to security authorization packages, hardware/software/firmware inventories, and other system information. Effectiveness is further enhanced when continuous monitoring outputs are formatted to provide information that is specific, measurable, actionable, relevant, and timely. Continuous monitoring activities are scaled in accordance with the security categories of information systems. Related controls: CA-2, CA-5, CA-6, CM-3, CM-4, PM-6, PM-9, RA-5, SA-11, SA-12, SI-2, SI-4.
References: OMB Memorandum 11-33; NIST Special Publications 800-37, 800-39, 800-53A, 800-115, 800-137; US-CERT Technical Cyber Security Alerts; DoD Information Assurance Vulnerability Alerts. |
link |
3 |
NIST_SP_800-53_R4 |
SI-4(2) |
NIST_SP_800-53_R4_SI-4(2) |
NIST SP 800-53 Rev. 4 SI-4 (2) |
System And Information Integrity |
Automated Tools For Real-Time Analysis |
Shared |
n/a |
The organization employs automated tools to support near real-time analysis of events.
Supplemental Guidance: Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems. |
link |
2 |
NIST_SP_800-53_R5 |
CA-7 |
NIST_SP_800-53_R5_CA-7 |
NIST SP 800-53 Rev. 5 CA-7 |
Assessment, Authorization, and Monitoring |
Continuous Monitoring |
Shared |
n/a |
Develop a system-level continuous monitoring strategy and implement continuous monitoring in accordance with the organization-level continuous monitoring strategy that includes:
a. Establishing the following system-level metrics to be monitored: [Assignment: organization-defined system-level metrics];
b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness;
c. Ongoing control assessments in accordance with the continuous monitoring strategy;
d. Ongoing monitoring of system and organization-defined metrics in accordance with the continuous monitoring strategy;
e. Correlation and analysis of information generated by control assessments and monitoring;
f. Response actions to address results of the analysis of control assessment and monitoring information; and
g. Reporting the security and privacy status of the system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. |
link |
3 |
NIST_SP_800-53_R5 |
SI-4(2) |
NIST_SP_800-53_R5_SI-4(2) |
NIST SP 800-53 Rev. 5 SI-4 (2) |
System and Information Integrity |
Automated Tools and Mechanisms for Real-time Analysis |
Shared |
n/a |
Employ automated tools and mechanisms to support near real-time analysis of events. |
link |
2 |
|
op.mon.2 Metrics system |
op.mon.2 Metrics system |
404 not found |
|
|
|
n/a |
n/a |
|
3 |
|
org.2 Security regulations |
org.2 Security regulations |
404 not found |
|
|
|
n/a |
n/a |
|
100 |
PCI_DSS_v4.0 |
12.4.2 |
PCI_DSS_v4.0_12.4.2 |
PCI DSS v4.0 12.4.2 |
Requirement 12: Support Information Security with Organizational Policies and Programs |
PCI DSS compliance is managed |
Shared |
n/a |
Reviews are performed at least once every three months, by personnel other than those responsible for performing the given task to confirm personnel are performing their tasks, in accordance with all security policies and all operational procedures, including but not limited to the following tasks:
• Daily log reviews.
• Configuration reviews for network security controls.
• Applying configuration standards to new systems.
• Responding to security alerts.
• Change-management processes. |
link |
6 |
PCI_DSS_v4.0 |
12.4.2.1 |
PCI_DSS_v4.0_12.4.2.1 |
PCI DSS v4.0 12.4.2.1 |
Requirement 12: Support Information Security with Organizational Policies and Programs |
PCI DSS compliance is managed |
Shared |
n/a |
Reviews conducted in accordance with Requirement 12.4.2 are documented to include:
• Results of the reviews.
• Documented remediation actions taken for any tasks that were found to not be performed at Requirement 12.4.2.
• Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program. |
link |
7 |
SOC_2 |
CC5.3 |
SOC_2_CC5.3 |
SOC 2 Type 2 CC5.3 |
Control Activities |
COSO Principle 12 |
Shared |
The customer is responsible for implementing this recommendation. |
Establishes Policies and Procedures to Support Deployment of Management’s Directives — Management establishes control activities that are built into business
processes and employees’ day-to-day activities through policies establishing what is
expected and relevant procedures specifying actions.
• Establishes Responsibility and Accountability for Executing Policies and Procedures — Management establishes responsibility and accountability for control activities with management (or other designated personnel) of the business unit or function in which the relevant risks reside.
• Performs in a Timely Manner — Responsible personnel perform control activities in
a timely manner as defined by the policies and procedures.
• Takes Corrective Action — Responsible personnel investigate and act on matters
identified as a result of executing control activities.
• Performs Using Competent Personnel — Competent personnel with sufficient authority perform control activities with diligence and continuing focus.
• Reassesses Policies and Procedures — Management periodically reviews control
activities to determine their continued relevance and refreshes them when necessary |
|
4 |
SWIFT_CSCF_v2022 |
11.1 |
SWIFT_CSCF_v2022_11.1 |
SWIFT CSCF v2022 11.1 |
11. Monitor in case of Major Disaster |
Ensure a consistent and effective approach for the event monitoring and escalation. |
Shared |
n/a |
Ensure a consistent and effective approach for the event monitoring and escalation. |
link |
5 |
SWIFT_CSCF_v2022 |
6.5A |
SWIFT_CSCF_v2022_6.5A |
SWIFT CSCF v2022 6.5A |
6. Detect Anomalous Activity to Systems or Transaction Records |
Detect and contain anomalous network activity into and within the local or remote SWIFT environment. |
Shared |
n/a |
Intrusion detection is implemented to detect unauthorised network access and anomalous activity. |
link |
17 |