last sync: 2025-Mar-23 22:31:17 UTC

Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace
Id d550e854-df1a-4de9-bf44-cd894b39a95e
Version 1.1.0
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Monitoring
Description Link the Application Insights component to a Log Analytics workspace for logs encryption. Customer-managed keys are commonly required to meet regulatory compliance and for more control over the access to your data in Azure Monitor. Linking your component to a Log Analytics workspace that's enabled with a customer-managed key, ensures that your Application Insights logs meet this compliance requirement, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Insights/components/WorkspaceResourceId microsoft.insights components properties.WorkspaceResourceId True True
Rule resource types IF (1)
Microsoft.Insights/components
Compliance
The following 56 compliance controls are associated with this Policy definition 'Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace' (d550e854-df1a-4de9-bf44-cd894b39a95e)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management Account Management | Automated Audit Actions Shared 1. The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies responsible managers. 2. Related controls: AU-2, AU-12. To ensure accountability and transparency within the information system. 53
CIS_Controls_v8.1 12.5 CIS_Controls_v8.1_12.5 CIS Controls v8.1 12.5 Network Infrastructure Management Centralize network authentication, authorization and auditing (AAA) Shared Centralize network AAA. To ensure that all network AAA is centralized to maintain standardisation and integrity of AAA. 22
CIS_Controls_v8.1 5.5 CIS_Controls_v8.1_5.5 CIS Controls v8.1 5.5 Account Management Establish and maintain an inventory of service accounts. Shared 1. Establish and maintain an inventory of service accounts. 2. The inventory, at a minimum, must contain department owner, review date, and purpose. 3. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently. To ensure accurate tracking and management of service accounts. 19
CIS_Controls_v8.1 5.6 CIS_Controls_v8.1_5.6 CIS Controls v8.1 5.6 Account Management Centralize account management Shared Centralize account management through a directory or identity service. To optimize and simplify the process of account management. 20
CIS_Controls_v8.1 6.5 CIS_Controls_v8.1_6.5 CIS Controls v8.1 6.5 Access Control Management Require MFA for administrative access Shared Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider. To ensure safety and integrity of administrative accounts. 3
CIS_Controls_v8.1 6.7 CIS_Controls_v8.1_6.7 CIS Controls v8.1 6.7 Access Control Management Centralize access control Shared Centralize access control for all enterprise assets through a directory service or SSO provider, where supported. To optimize and simplify the process of access control management. 3
CIS_Controls_v8.1 8.6 CIS_Controls_v8.1_8.6 CIS Controls v8.1 8.6 Audit Log Management Collect DNS query audit logs Shared Collect DNS query audit logs on enterprise assets, where appropriate and supported. To maintain an audit trail of any changes to the DNS server configuration. 3
CMMC_L2_v1.9.0 AU.L2_3.3.8 CMMC_L2_v1.9.0_AU.L2_3.3.8 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 Audit and Accountability Audit Protection Shared Protect audit information and audit logging tools from unauthorized access, modification, and deletion. To ensure the integrity and confidentiality of the data collected for monitoring and analysis purposes. 4
CMMC_L2_v1.9.0 MP.L2_3.8.6 CMMC_L2_v1.9.0_MP.L2_3.8.6 Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 Media Protection Portable Storage Encryption Shared Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. To ensure that sensitive information remains secure and confidential even if the media is lost, stolen, or intercepted during transit. 9
CSA_v4.0.12 CEK_03 CSA_v4.0.12_CEK_03 CSA Cloud Controls Matrix v4.0.12 CEK 03 Cryptography, Encryption & Key Management Data Encryption Shared n/a Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards. 58
CSA_v4.0.12 IAM_12 CSA_v4.0.12_IAM_12 CSA Cloud Controls Matrix v4.0.12 IAM 12 Identity & Access Management Safeguard Logs Integrity Shared n/a Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures. 42
CSA_v4.0.12 LOG_09 CSA_v4.0.12_LOG_09 CSA Cloud Controls Matrix v4.0.12 LOG 09 Logging and Monitoring Log Protection Shared n/a The information system protects audit records from unauthorized access, modification, and deletion. 4
CSA_v4.0.12 UEM_08 CSA_v4.0.12_UEM_08 CSA Cloud Controls Matrix v4.0.12 UEM 08 Universal Endpoint Management Storage Encryption Shared n/a Protect information from unauthorized disclosure on managed endpoint devices with storage encryption. 14
EU_2555_(NIS2)_2022 EU_2555_(NIS2)_2022_21 EU_2555_(NIS2)_2022_21 EU 2022/2555 (NIS2) 2022 21 Cybersecurity risk-management measures Shared n/a Requires essential and important entities to take appropriate measures to manage cybersecurity risks. 194
EU_GDPR_2016_679_Art. 24 EU_GDPR_2016_679_Art._24 EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 Chapter 4 - Controller and processor Responsibility of the controller Shared n/a n/a 311
EU_GDPR_2016_679_Art. 25 EU_GDPR_2016_679_Art._25 EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 Chapter 4 - Controller and processor Data protection by design and by default Shared n/a n/a 311
EU_GDPR_2016_679_Art. 28 EU_GDPR_2016_679_Art._28 EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 Chapter 4 - Controller and processor Processor Shared n/a n/a 311
EU_GDPR_2016_679_Art. 32 EU_GDPR_2016_679_Art._32 EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 Chapter 4 - Controller and processor Security of processing Shared n/a n/a 311
FBI_Criminal_Justice_Information_Services_v5.9.5_5 .1 FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 Policy and Implementation - Systems And Communications Protection Systems And Communications Protection Shared In addition, applications, services, or information systems must have the capability to ensure system integrity through the detection and protection against unauthorized changes to software and information. Examples of systems and communications safeguards range from boundary and transmission protection to securing an agency's virtualized environment. 111
FBI_Criminal_Justice_Information_Services_v5.9.5_5 .4 FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 404 not found n/a n/a 42
HITRUST_CSF_v11.3 06.c HITRUST_CSF_v11.3_06.c HITRUST CSF v11.3 06.c Compliance with Legal Requirements To prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. Shared 1. Guidelines are to be issued and implemented by the organization on the ownership, classification, retention, storage, handling, and disposal of all records and information. 2. Accountings of disclosure as organizational records are to be documented and maintained for a pre-defined period. Important records shall be protected from loss, destruction, and falsification, in accordance with statutory, regulatory, contractual, and business requirements. 26
HITRUST_CSF_v11.3 09.ac HITRUST_CSF_v11.3_09.ac HITRUST CSF v11.3 09.ac Monitoring To protect logging systems and log information against tampering and unauthorized access. Shared 1. To prevent unauthorized access and tampering, access to logging systems and log information is to be restricted and protected. 2. Authorized and unauthorized access attempts to audit system is to be logged and modification of audit trails of access to the audit system is to be disallowed. 3. File-integrity monitoring or change-detection software on logs is to be implemented and alerts to be generated to change any existing log data. 4. External-facing technology logs on are to be stored on an internal network server. Logging systems and log information shall be protected against tampering and unauthorized access. 4
ISO_IEC_27002_2022 8.15 ISO_IEC_27002_2022_8.15 ISO IEC 27002 2022 8.15 Detection Control Logging Shared Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed. To record events, generate evidence, ensure the integrity of log information, prevent against unauthorized access, identify information security events that can lead to an information security incident and to support investigations. 30
NIST_SP_800-171_R3_3 .13.8 NIST_SP_800-171_R3_3.13.8 NIST 800-171 R3 3.13.8 System and Communications Protection Control Transmission and Storage Confidentiality Shared This requirement applies to internal and external networks and any system components that can transmit CUI, including servers, notebook computers, desktop computers, mobile devices, printers, copiers, scanners, facsimile machines, and radios. Unprotected communication paths are susceptible to interception and modification. Encryption protects CUI from unauthorized disclosure during transmission and while in storage. Cryptographic mechanisms that protect the confidentiality of CUI during transmission include TLS and IPsec. Information in storage (i.e. information at rest) refers to the state of CUI when it is not in process or in transit and resides on internal or external storage devices, storage area network devices, and databases. Protecting CUI in storage does not focus on the type of storage device or the frequency of access to that device but rather on the state of the information. This requirement relates to 03.13.11. Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. 12
NIST_SP_800-171_R3_3 .3.8 NIST_SP_800-171_R3_3.3.8 404 not found n/a n/a 4
NIST_SP_800-53_R5.1.1 AU.9 NIST_SP_800-53_R5.1.1_AU.9 NIST SP 800-53 R5.1.1 AU.9 Audit and Accountability Control Protection of Audit Information Shared a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b. Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information. Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls. 4
NIST_SP_800-53_R5.1.1 SC.28.1 NIST_SP_800-53_R5.1.1_SC.28.1 NIST SP 800-53 R5.1.1 SC.28.1 System and Communications Protection Protection of Information at Rest | Cryptographic Protection Shared Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information]. The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields. 9
NZISM_v3.7 14.3.10.C.01. NZISM_v3.7_14.3.10.C.01. NZISM v3.7 14.3.10.C.01. Web Applications 14.3.10.C.01. - To maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. Shared n/a Agencies SHOULD implement allow listing for all HTTP traffic being communicated through their gateways. 24
NZISM_v3.7 14.3.10.C.02. NZISM_v3.7_14.3.10.C.02. NZISM v3.7 14.3.10.C.02. Web Applications 14.3.10.C.02. - To maintain control over network traffic and reduces the likelihood of exposure to malicious content or activities. Shared n/a Agencies using an allow list on their gateways to specify the external addresses, to which encrypted connections are permitted, SHOULD specify allow list addresses by domain name or IP address. 23
NZISM_v3.7 16.6.10.C.01. NZISM_v3.7_16.6.10.C.01. NZISM v3.7 16.6.10.C.01. Event Logging and Auditing 16.6.10.C.01. - To enhance system security and accountability. Shared n/a Agencies SHOULD log the events listed in the table below for specific software components. 1. Database - a. System user access to the database. b. Attempted access that is denied c. Changes to system user roles or database rights. d. Addition of new system users, especially privileged users e. Modifications to the data. f. Modifications to the format or structure of the database 2. Network/operating system a. Successful and failed attempts to logon and logoff. b. Changes to system administrator and system user accounts. c. Failed attempts to access data and system resources. d. Attempts to use special privileges. e. Use of special privileges. f. System user or group management. g. Changes to the security policy. h. Service failures and restarts. i.System startup and shutdown. j. Changes to system configuration data. k. Access to sensitive data and processes. l. Data import/export operations. 3. Web application a. System user access to the Web application. b. Attempted access that is denied. c. System user access to the Web documents. d. Search engine queries initiated by system users. 33
NZISM_v3.7 16.6.10.C.02. NZISM_v3.7_16.6.10.C.02. NZISM v3.7 16.6.10.C.02. Event Logging and Auditing 16.6.10.C.02. - To enhance system security and accountability. Shared n/a Agencies SHOULD log, at minimum, the following events for all software components: 1. user login; 2. all privileged operations; 3. failed attempts to elevate privileges; 4. security related system alerts and failures; 5. system user and group additions, deletions and modification to permissions; and 6. unauthorised or failed access attempts to systems and files identified as critical to the agency. 50
NZISM_v3.7 16.6.11.C.01. NZISM_v3.7_16.6.11.C.01. NZISM v3.7 16.6.11.C.01. Event Logging and Auditing 16.6.11.C.01. - To enhance system security and accountability. Shared n/a For each event identified as needing to be logged, agencies MUST ensure that the log facility records at least the following details, where applicable: 1. date and time of the event; 2. relevant system user(s) or processes; 3. event description; 4. success or failure of the event; 5. event source (e.g. application name); and 6. IT equipment location/identification. 50
NZISM_v3.7 16.6.12.C.01. NZISM_v3.7_16.6.12.C.01. NZISM v3.7 16.6.12.C.01. Event Logging and Auditing 16.6.12.C.01. - To maintain integrity of the data. Shared n/a Event logs MUST be protected from: 1. modification and unauthorised access; and 2. whole or partial loss within the defined retention period. 50
NZISM_v3.7 16.6.12.C.02. NZISM_v3.7_16.6.12.C.02. NZISM v3.7 16.6.12.C.02. Event Logging and Auditing 16.6.12.C.02. - To enhance system security and accountability. Shared n/a Agencies MUST configure systems to save event logs to separate secure servers as soon as possible after each event occurs. 2
NZISM_v3.7 16.6.12.C.03. NZISM_v3.7_16.6.12.C.03. NZISM v3.7 16.6.12.C.03. Event Logging and Auditing 16.6.12.C.03. - To maintain integrity of the data. Shared n/a Agencies SHOULD ensure that: 1. systems are configured to save event logs to a separate secure log server; and 2. event log data is archived in a manner that maintains its integrity. 2
NZISM_v3.7 16.6.13.C.01. NZISM_v3.7_16.6.13.C.01. NZISM v3.7 16.6.13.C.01. Event Logging and Auditing 16.6.13.C.01. - To maintain integrity of the data. Shared n/a Event logs MUST be archived and retained for an appropriate period as determined by the agency. 2
NZISM_v3.7 16.6.13.C.02. NZISM_v3.7_16.6.13.C.02. NZISM v3.7 16.6.13.C.02. Event Logging and Auditing 16.6.13.C.02. - To maintain transparency, integrity, and legality in handling sensitive information and mitigate potential risks associated with data breaches or unauthorized access. Shared n/a Disposal or archiving of DNS, proxy, event, systems and other operational logs MUST be in accordance with the provisions of the relevant legislation. 2
NZISM_v3.7 16.6.6.C.01. NZISM_v3.7_16.6.6.C.01. NZISM v3.7 16.6.6.C.01. Event Logging and Auditing 16.6.6.C.01. - To enhance security and reduce the risk of unauthorized access or misuse. Shared n/a Agencies MUST maintain system management logs for the life of a system. 50
NZISM_v3.7 16.6.7.C.01. NZISM_v3.7_16.6.7.C.01. NZISM v3.7 16.6.7.C.01. Event Logging and Auditing 16.6.7.C.01. - To facilitate effective monitoring, troubleshooting, and auditability of system operations. Shared n/a A system management log SHOULD record the following minimum information: 1. all system start-up and shutdown; 2. service, application, component or system failures; 3. maintenance activities; 4. backup and archival activities; 5. system recovery activities; and 6. special or out of hours activities. 50
NZISM_v3.7 16.6.9.C.01. NZISM_v3.7_16.6.9.C.01. NZISM v3.7 16.6.9.C.01. Event Logging and Auditing 16.6.9.C.01. - To enhance system security and accountability. Shared n/a Agencies MUST log, at minimum, the following events for all software components: 1. logons; 2. failed logon attempts; 3. logoffs; 4. date and time; 5. all privileged operations; 6. failed attempts to elevate privileges; 7. security related system alerts and failures; 8. system user and group additions, deletions and modification to permissions; and 9. unauthorised or failed access attempts to systems and files identified as critical to the agency. 48
NZISM_v3.7 19.1.20.C.01. NZISM_v3.7_19.1.20.C.01. NZISM v3.7 19.1.20.C.01. Gateways 19.1.20.C.01. - To reduce the risk of unauthorized access or misuse. Shared n/a Agencies MUST authenticate system users to all classified networks accessed through gateways. 24
NZISM_v3.7 19.1.20.C.02. NZISM_v3.7_19.1.20.C.02. NZISM v3.7 19.1.20.C.02. Gateways 19.1.20.C.02. - To reduce the risk of unauthorized access or misuse. Shared n/a Agencies MUST ensure that only authenticated and authorised system users can use the gateway. 15
NZISM_v3.7 19.1.20.C.03. NZISM_v3.7_19.1.20.C.03. NZISM v3.7 19.1.20.C.03. Gateways 19.1.20.C.03. - To reduce the risk of unauthorized access or misuse. Shared n/a Agencies SHOULD use multi-factor authentication for access to networks and gateways. 9
PCI_DSS_v4.0.1 10.3.2 PCI_DSS_v4.0.1_10.3.2 PCI DSS v4.0.1 10.3.2 Log and Monitor All Access to System Components and Cardholder Data Protection of Audit Logs Shared n/a Audit log files are protected to prevent modifications by individuals. 4
PCI_DSS_v4.0.1 11.5.2 PCI_DSS_v4.0.1_11.5.2 PCI DSS v4.0.1 11.5.2 Test Security of Systems and Networks Regularly Change-Detection Mechanism Deployment Shared n/a A change-detection mechanism (for example, file integrity monitoring tools) is deployed as follows: • To alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files. • To perform critical file comparisons at least once weekly. 31
PCI_DSS_v4.0.1 3.5.1.2 PCI_DSS_v4.0.1_3.5.1.2 PCI DSS v4.0.1 3.5.1.2 Protect Stored Account Data If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1 Shared n/a Examine encryption processes to verify that, if disk-level or partition-level encryption is used to render PAN unreadable, it is implemented only as follows: on removable electronic media, OR if used for non-removable electronic media, examine encryption processes used to verify that PAN is also rendered unreadable via another method that meets Requirement 3.5.1. Examine configurations and/or vendor documentation and observe encryption processes to verify the system is configured according to vendor documentation the result is that the disk or the partition is rendered unreadable 9
RBI_CSF_Banks_v2016 6.4 RBI_CSF_Banks_v2016_6.4 Application Security Life Cycle (Aslc) Application Security Life Cycle (Aslc)-6.4 n/a Besides business functionalities, security requirements relating to system access control, authentication, transaction authorization, data integrity, system activity logging, audit trail, session management, security event tracking and exception handling are required to be clearly specified at the initial and ongoing stages of system development/acquisition/implementation. 13
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 36
RMiT_v1.0 10.66 RMiT_v1.0_10.66 RMiT 10.66 Security of Digital Services Security of Digital Services - 10.66 Shared n/a A financial institution must implement robust technology security controls in providing digital services which assure the following: (a) confidentiality and integrity of customer and counterparty information and transactions; (b) reliability of services delivered via channels and devices with minimum disruption to services; (c) proper authentication of users or devices and authorisation of transactions; (d) sufficient audit trail and monitoring of anomalous transactions; (e) ability to identify and revert to the recovery point prior to incident or service disruption; and (f) strong physical control and logical control measures link 31
SOC_2023 CC2.3 SOC_2023_CC2.3 SOC 2023 CC2.3 Information and Communication To facilitate effective internal communication. Shared n/a Entity to communicate with external parties regarding matters affecting the functioning of internal control. 218
SOC_2023 CC5.3 SOC_2023_CC5.3 SOC 2023 CC5.3 Control Activities To maintain alignment with organizational objectives and regulatory requirements. Shared n/a Entity deploys control activities through policies that establish what is expected and in procedures that put policies into action by establishing Policies and Procedures to Support Deployment of Management’s Directives, Responsibility and Accountability for Executing Policies and Procedures, perform tasks in a timely manner, taking corrective actions, perform using competent personnel and reassess policies and procedures. 229
SOC_2023 CC6.1 SOC_2023_CC6.1 SOC 2023 CC6.1 Logical and Physical Access Controls To mitigate security events and ensuring the confidentiality, integrity, and availability of critical information assets. Shared n/a Entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity's objectives by identifying and managing the inventory of information assets, restricting logical access, identification and authentication of users, consider network segmentation, manage points of access, restricting access of information assets, managing identification and authentication, managing credentials for infrastructure and software, using encryption to protect data and protect using encryption keys. 128
SOC_2023 CC7.4 SOC_2023_CC7.4 SOC 2023 CC7.4 Systems Operations To effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. Shared n/a The entity responds to identified security incidents by: a. Executing a defined incident-response program to understand, contain, remediate, and communicate security incidents by assigning roles and responsibilities; b. Establishing procedures to contain security incidents; c. Mitigating ongoing security incidents, End Threats Posed by Security Incidents; d. Restoring operations; e. Developing and Implementing Communication Protocols for Security Incidents; f. Obtains Understanding of Nature of Incident and Determines Containment Strategy; g. Remediation Identified Vulnerabilities; h. Communicating Remediation Activities; and, i. Evaluating the Effectiveness of Incident Response and periodic incident evaluations. 213
SWIFT_CSCF_2024 2.9 SWIFT_CSCF_2024_2.9 SWIFT Customer Security Controls Framework 2024 2.9 Transaction Controls Transaction Business Controls Shared 1. Implementing business controls that restrict Swift transactions to the fullest extent possible reduces the opportunity for the sending (outbound) and, optionally, receiving (inbound) of fraudulent transactions. 2. These restrictions are best determined through an analysis of normal business activity. Parameters can then be set to restrict business to acceptable thresholds based on “normal” activity. To ensure outbound transaction activity within the expected bounds of normal business. 25
SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 6. Detect Anomalous Activity to Systems or Transaction Records Record security events and detect anomalous actions and operations within the local SWIFT environment. Shared n/a Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. link 50
UK_NCSC_CAF_v3.2 C1.b UK_NCSC_CAF_v3.2_C1.b NCSC Cyber Assurance Framework (CAF) v3.2 C1.b Security Monitoring Securing Logs Shared 1. The integrity of logging data is protected, or any modification is detected and attributed. 2. The logging architecture has mechanisms, processes and procedures to ensure that it can protect itself from threats comparable to those it is trying to identify. This includes protecting the function itself, and the data within it. 3. Log data analysis and normalisation is only performed on copies of the data keeping the master copy unaltered. 4. Logging datasets are synchronised, using an accurate common time source, so that separate datasets can be correlated in different ways. 5. Access to logging data is limited to those with business need and no others. 6. All actions involving all logging data (e.g. copying, deleting or modification, or even viewing) can be traced back to a unique user. 7. Legitimate reasons for accessing logging data are given in use policies. Hold logging data securely and grant read access only to accounts with business need. No employee should ever need to modify or delete logging data within an agreed retention period, after which it should be deleted. 11
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn unknown
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn unknown
Canada Federal PBMM 3-1-2020 f8f5293d-df94-484a-a3e7-6b422a999d91 Regulatory Compliance GA BuiltIn unknown
CIS Controls v8.1 046796ef-e8a7-4398-bbe9-cce970b1a3ae Regulatory Compliance GA BuiltIn unknown
CSA CSA Cloud Controls Matrix v4.0.12 8791506a-dec4-497a-a83f-3abfde37c400 Regulatory Compliance GA BuiltIn unknown
Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 a4087154-2edb-4329-b56a-1cc986807f3c Regulatory Compliance GA BuiltIn unknown
EU 2022/2555 (NIS2) 2022 42346945-b531-41d8-9e46-f95057672e88 Regulatory Compliance GA BuiltIn unknown
EU General Data Protection Regulation (GDPR) 2016/679 7326812a-86a4-40c8-af7c-8945de9c4913 Regulatory Compliance GA BuiltIn unknown
FBI Criminal Justice Information Services (CJIS) v5.9.5 4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721 Regulatory Compliance GA BuiltIn unknown
HITRUST CSF v11.3 e0d47b75-5d99-442a-9d60-07f2595ab095 Regulatory Compliance GA BuiltIn unknown
ISO/IEC 27002 2022 e3030e83-88d5-4f23-8734-6577a2c97a32 Regulatory Compliance GA BuiltIn unknown
NCSC Cyber Assurance Framework (CAF) v3.2 6d220abf-cf6f-4b17-8f7e-0644c4cc84b4 Regulatory Compliance GA BuiltIn unknown
NIST 800-171 R3 38916c43-6876-4971-a4b1-806aa7e55ccc Regulatory Compliance GA BuiltIn unknown
NIST SP 800-53 R5.1.1 60205a79-6280-4e20-a147-e2011e09dc78 Regulatory Compliance GA BuiltIn unknown
NZISM v3.7 4476df0a-18ab-4bfe-b6ad-cccae1cf320f Regulatory Compliance GA BuiltIn unknown
PCI DSS v4.0.1 a06d5deb-24aa-4991-9d58-fa7563154e31 Regulatory Compliance GA BuiltIn unknown
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn unknown
SOC 2023 53ad89f5-8542-49e9-ba81-1cbd686e0d52 Regulatory Compliance GA BuiltIn unknown
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn unknown
SWIFT Customer Security Controls Framework 2024 7499005e-df5a-45d9-810f-041cf346678c Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 change Minor (1.0.0 > 1.1.0)
2021-02-17 14:28:42 add d550e854-df1a-4de9-bf44-cd894b39a95e