last sync: 2024-Nov-01 18:49:23 UTC

Set automated notifications for new and trending cloud applications in your organization | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Set automated notifications for new and trending cloud applications in your organization
Id af38215f-70c4-0cd6-40c2-c52d86690a45
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_0495 - Set automated notifications for new and trending cloud applications in your organization
Additional metadata Name/Id: CMA_0495 / CMA_0495
Category: Operational
Title: Set automated notifications for new and trending cloud applications in your organization
Ownership: Customer
Description: Microsoft recommends that your organization create policies to alert when new cloud apps are detected in your organization. **How to Use Microsoft Solutions to Implement** Your organization can use App Discovery Policies to create policies which detect new apps and set alerts. There are several policy templates to choose from for app discovery, including 'New popular app', 'New high volume app', 'New Cloud Storage app', and more. You can define a variety of policies using templates based on the type of app or volume of app activity, and filter apps based on compliance risk factors for FFIEC, FedRAMP, HIPAA, ISO 27001, ISO 27017, ISO 27018, and others. There are multiple types of policies that correlate to the different types of information you want to gather about your cloud environment and the types of remediation actions you may want to take. **Learn More** Create Cloud Discovery policies: https://aka.ms/AA9ymoh
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 68 compliance controls are associated with this Policy definition 'Set automated notifications for new and trending cloud applications in your organization' (af38215f-70c4-0cd6-40c2-c52d86690a45)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 4 Database Services Ensure that 'Send alerts to' is set Shared The customer is responsible for implementing this recommendation. Provide the email address where alerts will be sent when anomalous activities are detected on SQL servers. link 3
CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 4 Database Services Ensure that 'Email service and co-administrators' is 'Enabled' Shared The customer is responsible for implementing this recommendation. Enable service and co-administrators to receive security alerts from the SQL server. link 3
CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create Policy Assignment Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create Policy Assignment event. link 4
CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Shared The customer is responsible for implementing this recommendation. Create an Activity Log Alert for the "Create" or "Update Network Security Group" event. link 4
CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Network Security Group Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group event. link 4
CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Network Security Group Rule event. link 4
CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 5 Logging and Monitoring Ensure that activity log alert exists for the Delete Network Security Group Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group Rule event. link 4
CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Security Solution event. link 4
CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Security Solution event. link 4
CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update or Delete SQL Server Firewall Rule event. link 4
CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 5 Logging and Monitoring Ensure that Activity Log Alert exists for Update Security Policy Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Update Security Policy event. link 4
CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create Policy Assignment Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create Policy Assignment event. link 4
CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Policy Assignment Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Policy Assignment event. link 4
CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Shared The customer is responsible for implementing this recommendation. Create an Activity Log Alert for the "Create" or "Update Network Security Group" event. link 4
CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Network Security Group Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group event. link 4
CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Network Security Group Rule event. link 4
CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 5 Logging and Monitoring Ensure that activity log alert exists for the Delete Network Security Group Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group Rule event. link 4
CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Security Solution event. link 4
CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Security Solution event. link 4
CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update or Delete SQL Server Firewall Rule event. link 4
CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create Policy Assignment Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create Policy Assignment event. link 4
CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Policy Assignment Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Policy Assignment event. link 4
CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Shared The customer is responsible for implementing this recommendation. Create an Activity Log Alert for the "Create" or "Update Network Security Group" event. link 4
CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Network Security Group Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group event. link 4
CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Network Security Group Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Network Security Group Rule event. link 4
CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 5 Logging and Monitoring Ensure that activity log alert exists for the Delete Network Security Group Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Network Security Group Rule event. link 4
CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update Security Solution event. link 4
CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 5 Logging and Monitoring Ensure that Activity Log Alert exists for Delete Security Solution Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Delete Security Solution event. link 4
CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 5 Logging and Monitoring Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule Shared The customer is responsible for implementing this recommendation. Create an activity log alert for the Create or Update or Delete SQL Server Firewall Rule event. link 4
CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 5.2 Ensure that Activity Log Alert exists for Create Policy Assignment Shared n/a Create an activity log alert for the Create Policy Assignment event. Monitoring for create policy assignment events gives insight into changes done in "Azure policy - assignments" and can reduce the time it takes to detect unsolicited changes. link 4
CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 5.2 Ensure that Activity Log Alert exists for Delete Policy Assignment Shared n/a Create an activity log alert for the Delete Policy Assignment event. Monitoring for delete policy assignment events gives insight into changes done in "azure policy - assignments" and can reduce the time it takes to detect unsolicited changes. link 4
CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 5.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group Shared n/a Create an Activity Log Alert for the Create or Update Network Security Group event. Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity. link 4
CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 5.2 Ensure that Activity Log Alert exists for Delete Network Security Group Shared n/a Create an activity log alert for the Delete Network Security Group event. Monitoring for "Delete Network Security Group" events gives insight into network access changes and may reduce the time it takes to detect suspicious activity. link 4
CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 5.2 Ensure that Activity Log Alert exists for Create or Update Security Solution Shared n/a Create an activity log alert for the Create or Update Security Solution event. Monitoring for Create or Update Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity. link 4
CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 5.2 Ensure that Activity Log Alert exists for Delete Security Solution Shared n/a Create an activity log alert for the Delete Security Solution event. Monitoring for Delete Security Solution events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity. link 4
CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 5.2 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule Shared There will be a substantial increase in log size if there are a large number of administrative actions on a server. Create an activity log alert for the Create or Update SQL Server Firewall Rule event. Monitoring for Create or Update SQL Server Firewall Rule events gives insight into network access changes and may reduce the time it takes to detect suspicious activity. link 4
CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 5.2 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule Shared There will be a substantial increase in log size if there are a large number of administrative actions on a server. Create an activity log alert for the "Delete SQL Server Firewall Rule." Monitoring for Delete SQL Server Firewall Rule events gives insight into SQL network access changes and may reduce the time it takes to detect suspicious activity. link 4
FedRAMP_High_R4 CM-8(3) FedRAMP_High_R4_CM-8(3) FedRAMP High CM-8 (3) Configuration Management Automated Unauthorized Component Detection Shared n/a The organization: (a) Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system; and (b) Takes the following actions when unauthorized components are detected: [Selection (one or more): disables network access by such components; isolates the components; notifies [Assignment: organization-defined personnel or roles]]. Supplemental Guidance: This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing. Related controls: AC-17, AC-18, AC-19, CA-7, SI-3, SI-4, SI-7, RA-5. link 2
FedRAMP_High_R4 SI-4(5) FedRAMP_High_R4_SI-4(5) FedRAMP High SI-4 (5) System And Information Integrity System-Generated Alerts Shared n/a The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization- defined compromise indicators]. Supplemental Guidance: Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers. Related controls: AU-5, PE-6. link 3
FedRAMP_Moderate_R4 CM-8(3) FedRAMP_Moderate_R4_CM-8(3) FedRAMP Moderate CM-8 (3) Configuration Management Automated Unauthorized Component Detection Shared n/a The organization: (a) Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system; and (b) Takes the following actions when unauthorized components are detected: [Selection (one or more): disables network access by such components; isolates the components; notifies [Assignment: organization-defined personnel or roles]]. Supplemental Guidance: This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing. Related controls: AC-17, AC-18, AC-19, CA-7, SI-3, SI-4, SI-7, RA-5. link 2
FedRAMP_Moderate_R4 SI-4(5) FedRAMP_Moderate_R4_SI-4(5) FedRAMP Moderate SI-4 (5) System And Information Integrity System-Generated Alerts Shared n/a The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization- defined compromise indicators]. Supplemental Guidance: Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers. Related controls: AU-5, PE-6. link 3
hipaa 0205.09j2Organizational.2-09.j hipaa-0205.09j2Organizational.2-09.j 0205.09j2Organizational.2-09.j 02 Endpoint Protection 0205.09j2Organizational.2-09.j 09.04 Protection Against Malicious and Mobile Code Shared n/a Malicious code that is identified is blocked, quarantined, and an alert is sent to the administrators. 10
hipaa 0724.07a3Organizational.4-07.a hipaa-0724.07a3Organizational.4-07.a 0724.07a3Organizational.4-07.a 07 Vulnerability Management 0724.07a3Organizational.4-07.a 07.01 Responsibility for Assets Shared n/a The organization employs automated mechanisms to scan the network, no less than weekly, to detect the presence of unauthorized components/devices (including hardware, firmware and software) in the environment; and disables network access by such components/devices or notify designated organizational officials. 6
hipaa 1119.01j2Organizational.3-01.j hipaa-1119.01j2Organizational.3-01.j 1119.01j2Organizational.3-01.j 11 Access Control 1119.01j2Organizational.3-01.j 01.04 Network Access Control Shared n/a Network equipment is checked for unanticipated dial-up capabilities. 5
hipaa 1216.09ab3System.12-09.ab hipaa-1216.09ab3System.12-09.ab 1216.09ab3System.12-09.ab 12 Audit Logging & Monitoring 1216.09ab3System.12-09.ab 09.10 Monitoring Shared n/a Automated systems are used to review monitoring activities of security systems (e.g., IPS/IDS) and system records on a daily basis, and identify and document anomalies. 20
hipaa 1217.09ab3System.3-09.ab hipaa-1217.09ab3System.3-09.ab 1217.09ab3System.3-09.ab 12 Audit Logging & Monitoring 1217.09ab3System.3-09.ab 09.10 Monitoring Shared n/a Alerts are generated for technical personnel to analyze and investigate suspicious activity or suspected violations. 5
hipaa 1218.09ab3System.47-09.ab hipaa-1218.09ab3System.47-09.ab 1218.09ab3System.47-09.ab 12 Audit Logging & Monitoring 1218.09ab3System.47-09.ab 09.10 Monitoring Shared n/a Automated systems support near real-time analysis and alerting of events (e.g., malicious code, potential intrusions) and integrate intrusion detection into access and flow control mechanisms. 7
hipaa 1222.09ab3System.8-09.ab hipaa-1222.09ab3System.8-09.ab 1222.09ab3System.8-09.ab 12 Audit Logging & Monitoring 1222.09ab3System.8-09.ab 09.10 Monitoring Shared n/a The organization analyzes and correlates audit records across different repositories using a security information and event management (SIEM) tool or log analytics tools for log aggregation and consolidation from multiple systems/machines/devices, and correlates this information with input from non-technical sources to gain and enhance organization-wide situational awareness. Using the SIEM tool, the organization devise profiles of common events from given systems/machines/devices so that it can tune detection to focus on unusual activity, avoid false positives, more rapidly identify anomalies, and prevent overwhelming analysts with insignificant alerts. 10
hipaa 1504.06e1Organizational.34-06.e hipaa-1504.06e1Organizational.34-06.e 1504.06e1Organizational.34-06.e 15 Incident Management 1504.06e1Organizational.34-06.e 06.01 Compliance with Legal Requirements Shared n/a Management approves the use of information assets and takes appropriate action when unauthorized activity occurs. 16
hipaa 1512.11a2Organizational.8-11.a hipaa-1512.11a2Organizational.8-11.a 1512.11a2Organizational.8-11.a 15 Incident Management 1512.11a2Organizational.8-11.a 11.01 Reporting Information Security Incidents and Weaknesses Shared n/a Intrusion detection/information protection system (IDS/IPS) alerts are utilized for reporting information security events. 17
ISO27001-2013 A.12.4.1 ISO27001-2013_A.12.4.1 ISO 27001:2013 A.12.4.1 Operations Security Event Logging Shared n/a Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. link 53
ISO27001-2013 A.9.1.2 ISO27001-2013_A.9.1.2 ISO 27001:2013 A.9.1.2 Access Control Access to networks and network services Shared n/a Users shall only be provided with access to the network and network services that they have been specifically authorized to use. link 29
ISO27001-2013 A.9.2.1 ISO27001-2013_A.9.2.1 ISO 27001:2013 A.9.2.1 Access Control User registration and de-registration Shared n/a A formal user registration and de-registration process shall be implemented to enable assignment of access rights. link 27
ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Access Control Secure log-on procedures Shared n/a Where required by the access control policy, access to systems and applications shall be controlled by a secure log-on procedure. link 17
NIST_SP_800-53_R4 CM-8(3) NIST_SP_800-53_R4_CM-8(3) NIST SP 800-53 Rev. 4 CM-8 (3) Configuration Management Automated Unauthorized Component Detection Shared n/a The organization: (a) Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system; and (b) Takes the following actions when unauthorized components are detected: [Selection (one or more): disables network access by such components; isolates the components; notifies [Assignment: organization-defined personnel or roles]]. Supplemental Guidance: This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing. Related controls: AC-17, AC-18, AC-19, CA-7, SI-3, SI-4, SI-7, RA-5. link 2
NIST_SP_800-53_R4 SI-4(5) NIST_SP_800-53_R4_SI-4(5) NIST SP 800-53 Rev. 4 SI-4 (5) System And Information Integrity System-Generated Alerts Shared n/a The information system alerts [Assignment: organization-defined personnel or roles] when the following indications of compromise or potential compromise occur: [Assignment: organization- defined compromise indicators]. Supplemental Guidance: Alerts may be generated from a variety of sources, including, for example, audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the notification list can include, for example, system administrators, mission/business owners, system owners, or information system security officers. Related controls: AU-5, PE-6. link 3
NIST_SP_800-53_R5 CM-8(3) NIST_SP_800-53_R5_CM-8(3) NIST SP 800-53 Rev. 5 CM-8 (3) Configuration Management Automated Unauthorized Component Detection Shared n/a (a) Detect the presence of unauthorized hardware, software, and firmware components within the system using [Assignment: organization-defined automated mechanisms] [Assignment: organization-defined frequency]; and (b) Take the following actions when unauthorized components are detected: [Selection (OneOrMore): disable network access by such components;isolate the components;notify [Assignment: organization-defined personnel or roles] ] . link 2
NIST_SP_800-53_R5 SI-4(5) NIST_SP_800-53_R5_SI-4(5) NIST SP 800-53 Rev. 5 SI-4 (5) System and Information Integrity System-generated Alerts Shared n/a Alert [Assignment: organization-defined personnel or roles] when the following system-generated indications of compromise or potential compromise occur: [Assignment: organization-defined compromise indicators]. link 3
op.acc.1 Identification op.acc.1 Identification 404 not found n/a n/a 66
op.acc.2 Access requirements op.acc.2 Access requirements 404 not found n/a n/a 64
op.acc.5 Authentication mechanism (external users) op.acc.5 Authentication mechanism (external users) 404 not found n/a n/a 72
op.acc.6 Authentication mechanism (organization users) op.acc.6 Authentication mechanism (organization users) 404 not found n/a n/a 78
op.exp.8 Recording of the activity op.exp.8 Recording of the activity 404 not found n/a n/a 67
op.ext.4 Interconnection of systems op.ext.4 Interconnection of systems 404 not found n/a n/a 68
PCI_DSS_v4.0 11.5.1 PCI_DSS_v4.0_11.5.1 PCI DSS v4.0 11.5.1 Requirement 11: Test Security of Systems and Networks Regularly Network intrusions and unexpected file changes are detected and responded to Shared n/a Intrusion-detection and/or intrusionprevention techniques are used to detect and/or prevent intrusions into the network as follows: • All traffic is monitored at the perimeter of the CDE. • All traffic is monitored at critical points in the CDE. • Personnel are alerted to suspected compromises. • All intrusion-detection and prevention engines, baselines, and signatures are kept up to date. link 5
PCI_DSS_v4.0 11.5.1.1 PCI_DSS_v4.0_11.5.1.1 PCI DSS v4.0 11.5.1.1 Requirement 11: Test Security of Systems and Networks Regularly Network intrusions and unexpected file changes are detected and responded to Shared n/a Intrusion-detection and/or intrusion-prevention techniques detect, alert on/prevent, and address covert malware communication channels. link 3
SOC_2 CC7.1 SOC_2_CC7.1 SOC 2 Type 2 CC7.1 System Operations Detection and monitoring of new vulnerabilities Shared The customer is responsible for implementing this recommendation. • Uses Defined Configuration Standards — Management has defined configuration standards. • Monitors Infrastructure and Software — The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives. • Implements Change-Detection Mechanisms — The IT system includes a changedetection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files. • Detects Unknown or Unauthorized Components — Procedures are in place to detect the introduction of unknown or unauthorized components. • Conducts Vulnerability Scans — The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis 15
SWIFT_CSCF_v2022 6.5A SWIFT_CSCF_v2022_6.5A SWIFT CSCF v2022 6.5A 6. Detect Anomalous Activity to Systems or Transaction Records Detect and contain anomalous network activity into and within the local or remote SWIFT environment. Shared n/a Intrusion detection is implemented to detect unauthorised network access and anomalous activity. link 17
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
PCI DSS v4 c676748e-3af9-4e22-bc28-50feed564afb Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-02 16:33:37 add af38215f-70c4-0cd6-40c2-c52d86690a45
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC