compliance controls are associated with this Policy definition 'Audit Windows machines on which the Log Analytics agent is not connected as expected' (6265018c-d7e2-432f-a75d-094d5f6f4465)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
Azure_Security_Benchmark_v1.0 |
2.2 |
Azure_Security_Benchmark_v1.0_2.2 |
Azure Security Benchmark 2.2 |
Logging and Monitoring |
Configure central security log management |
Customer |
Ingest logs via Azure Monitor to aggregate security data generated by endpoint devices, network resources, and other security systems. Within Azure Monitor, use Log Analytics Workspace(s) to query and perform analytics, and use Azure Storage Accounts for long-term/archival storage.
Alternatively, you may enable and on-board data to Azure Sentinel or a third-party SIEM. How to onboard Azure Sentinel:
https://docs.microsoft.com/azure/sentinel/quickstart-onboard
How to collect platform logs and metrics with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-settings
How to collect Azure Virtual Machine internal host logs with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/learn/quick-collect-azurevm
How to get started with Azure Monitor and third-party SIEM integration:
https://azure.microsoft.com/blog/use-azure-monitor-to-integrate-with-siem-tools/ |
n/a |
link |
4 |
Azure_Security_Benchmark_v1.0 |
2.4 |
Azure_Security_Benchmark_v1.0_2.4 |
Azure Security Benchmark 2.4 |
Logging and Monitoring |
Collect security logs from operating systems |
Customer |
If the compute resource is owned by Microsoft, then Microsoft is responsible for monitoring it. If the compute resource is owned by your organization, it's your responsibility to monitor it. You can use Azure Security Center to monitor the OS. Data collected by Security Center from the operating system includes OS type and version, OS (Windows Event Logs), running processes, machine name, IP addresses, and logged in user. The Log Analytics Agent also collects crash dump files.
How to collect Azure Virtual Machine internal host logs with Azure Monitor:
https://docs.microsoft.com/azure/azure-monitor/learn/quick-collect-azurevm
Understand Azure Security Center data collection:
https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection |
n/a |
link |
2 |
EU_GDPR_2016_679_Art. |
24 |
EU_GDPR_2016_679_Art._24 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 |
Chapter 4 - Controller and processor |
Responsibility of the controller |
Shared |
n/a |
n/a |
|
306 |
EU_GDPR_2016_679_Art. |
25 |
EU_GDPR_2016_679_Art._25 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 |
Chapter 4 - Controller and processor |
Data protection by design and by default |
Shared |
n/a |
n/a |
|
306 |
EU_GDPR_2016_679_Art. |
28 |
EU_GDPR_2016_679_Art._28 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 |
Chapter 4 - Controller and processor |
Processor |
Shared |
n/a |
n/a |
|
306 |
EU_GDPR_2016_679_Art. |
32 |
EU_GDPR_2016_679_Art._32 |
EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 |
Chapter 4 - Controller and processor |
Security of processing |
Shared |
n/a |
n/a |
|
306 |
hipaa |
12102.09ab1Organizational.4-09.ab |
hipaa-12102.09ab1Organizational.4-09.ab |
12102.09ab1Organizational.4-09.ab |
12 Audit Logging & Monitoring |
12102.09ab1Organizational.4-09.ab 09.10 Monitoring |
Shared |
n/a |
The organization periodically tests its monitoring and detection processes, remediates deficiencies, and improves its processes. |
|
7 |
hipaa |
1217.09ab3System.3-09.ab |
hipaa-1217.09ab3System.3-09.ab |
1217.09ab3System.3-09.ab |
12 Audit Logging & Monitoring |
1217.09ab3System.3-09.ab 09.10 Monitoring |
Shared |
n/a |
Alerts are generated for technical personnel to analyze and investigate suspicious activity or suspected violations. |
|
5 |
K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
455 |
K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
431 |
K_ISMS_P_2018 |
2.11.1 |
K_ISMS_P_2018_2.11.1 |
K ISMS P 2018 2.11.1 |
2.11 |
Establish Procedures for Managing Internal and External Intrusion Attempts |
Shared |
n/a |
Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. |
|
82 |
K_ISMS_P_2018 |
2.11.5 |
K_ISMS_P_2018_2.11.5 |
K ISMS P 2018 2.11.5 |
2.11 |
Establish Procedures to Respond and Recover from Incidents |
Shared |
n/a |
Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. |
|
82 |
K_ISMS_P_2018 |
2.9.2a |
K_ISMS_P_2018_2.9.2a |
K ISMS P 2018 2.9.2a |
2.9.2a |
Establish Procedures for Information System Failures |
Shared |
n/a |
Establish procedures to detect, record, analyze, report, and respond to information system failures. |
|
63 |