The following compliance controls are associated with this Policy definition 'Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace' (d550e854-df1a-4de9-bf44-cd894b39a95e).

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| Canada_Federal_PBMM_3-1-2020 | AC_2(4) | Canada_Federal_PBMM_3-1-2020_AC_2(4) | Canada Federal PBMM 3-1-2020 AC 2(4) | Account Management | Account Management \| Automated Audit Actions | Shared | 1. The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies responsible managers. 2. Related controls: AU-2, AU-12. | To ensure accountability and transparency within the information system. | | 53 |
| CIS_Controls_v8.1 | 12.5 | CIS_Controls_v8.1_12.5 | CIS Controls v8.1 12.5 | Network Infrastructure Management | Centralize network authentication, authorization and auditing (AAA) | Shared | Centralize network AAA. | To ensure that all network AAA is centralized to maintain standardisation and integrity of AAA. | | 22 |
| CIS_Controls_v8.1 | 5.5 | CIS_Controls_v8.1_5.5 | CIS Controls v8.1 5.5 | Account Management | Establish and maintain an inventory of service accounts. | Shared | 1. Establish and maintain an inventory of service accounts. 2. The inventory, at a minimum, must contain department owner, review date, and purpose. 3. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently. | To ensure accurate tracking and management of service accounts. | | 19 |
| CIS_Controls_v8.1 | 5.6 | CIS_Controls_v8.1_5.6 | CIS Controls v8.1 5.6 | Account Management | Centralize account management | Shared | Centralize account management through a directory or identity service. | To optimize and simplify the process of account management. | | 20 |
| CIS_Controls_v8.1 | 6.5 | CIS_Controls_v8.1_6.5 | CIS Controls v8.1 6.5 | Access Control Management | Require MFA for administrative access | Shared | Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider. | To ensure safety and integrity of administrative accounts. | | 3 |
| CIS_Controls_v8.1 | 6.7 | CIS_Controls_v8.1_6.7 | CIS Controls v8.1 6.7 | Access Control Management | Centralize access control | Shared | Centralize access control for all enterprise assets through a directory service or SSO provider, where supported. | To optimize and simplify the process of access control management. | | 3 |
| CIS_Controls_v8.1 | 8.6 | CIS_Controls_v8.1_8.6 | CIS Controls v8.1 8.6 | Audit Log Management | Collect DNS query audit logs | Shared | Collect DNS query audit logs on enterprise assets, where appropriate and supported. | To maintain an audit trail of any changes to the DNS server configuration. | | 3 |
| CMMC_L2_v1.9.0 | AU.L2_3.3.8 | CMMC_L2_v1.9.0_AU.L2_3.3.8 | Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 AU.L2 3.3.8 | Audit and Accountability | Audit Protection | Shared | Protect audit information and audit logging tools from unauthorized access, modification, and deletion. | To ensure the integrity and confidentiality of the data collected for monitoring and analysis purposes. | | 4 |
| CMMC_L2_v1.9.0 | MP.L2_3.8.6 | CMMC_L2_v1.9.0_MP.L2_3.8.6 | Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 MP.L2 3.8.6 | Media Protection | Portable Storage Encryption | Shared | Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. | To ensure that sensitive information remains secure and confidential even if the media is lost, stolen, or intercepted during transit. | | 9 |
| CSA_v4.0.12 | CEK_03 | CSA_v4.0.12_CEK_03 | CSA Cloud Controls Matrix v4.0.12 CEK 03 | Cryptography, Encryption & Key Management | Data Encryption | Shared | n/a | Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards. | | 58 |
| CSA_v4.0.12 | IAM_12 | CSA_v4.0.12_IAM_12 | CSA Cloud Controls Matrix v4.0.12 IAM 12 | Identity & Access Management | Safeguard Logs Integrity | Shared | n/a | Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures. | | 42 |
| CSA_v4.0.12 | LOG_09 | CSA_v4.0.12_LOG_09 | CSA Cloud Controls Matrix v4.0.12 LOG 09 | Logging and Monitoring | Log Protection | Shared | n/a | The information system protects audit records from unauthorized access, modification, and deletion. | | 4 |
| CSA_v4.0.12 | UEM_08 | CSA_v4.0.12_UEM_08 | CSA Cloud Controls Matrix v4.0.12 UEM 08 | Universal Endpoint Management | Storage Encryption | Shared | n/a | Protect information from unauthorized disclosure on managed endpoint devices with storage encryption. | | 14 |
| EU_2555_(NIS2)_2022 | EU_2555_(NIS2)_2022_21 | EU_2555_(NIS2)_2022_21 | EU 2022/2555 (NIS2) 2022 21 | | Cybersecurity risk-management measures | Shared | n/a | Requires essential and important entities to take appropriate measures to manage cybersecurity risks. | | 194 |
| EU_GDPR_2016_679_Art. | 24 | EU_GDPR_2016_679_Art._24 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 24 | Chapter 4 - Controller and processor | Responsibility of the controller | Shared | n/a | n/a | | 311 |
| EU_GDPR_2016_679_Art. | 25 | EU_GDPR_2016_679_Art._25 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 25 | Chapter 4 - Controller and processor | Data protection by design and by default | Shared | n/a | n/a | | 311 |
| EU_GDPR_2016_679_Art. | 28 | EU_GDPR_2016_679_Art._28 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 28 | Chapter 4 - Controller and processor | Processor | Shared | n/a | n/a | | 311 |
| EU_GDPR_2016_679_Art. | 32 | EU_GDPR_2016_679_Art._32 | EU General Data Protection Regulation (GDPR) 2016/679 Art. 32 | Chapter 4 - Controller and processor | Security of processing | Shared | n/a | n/a | | 311 |
| FBI_Criminal_Justice_Information_Services_v5.9.5_5 | .1 | FBI_Criminal_Justice_Information_Services_v5.9.5_5.1 | FBI Criminal Justice Information Services (CJIS) v5.9.5 5.1 | Policy and Implementation - Systems And Communications Protection | Systems And Communications Protection | Shared | In addition, applications, services, or information systems must have the capability to ensure system integrity through the detection and protection against unauthorized changes to software and information. | Examples of systems and communications safeguards range from boundary and transmission protection to securing an agency's virtualized environment. | | 111 |
| FBI_Criminal_Justice_Information_Services_v5.9.5_5 | .4 | FBI_Criminal_Justice_Information_Services_v5.9.5_5.4 | | | | | n/a | n/a | | 42 |
| HITRUST_CSF_v11.3 | 06.c | HITRUST_CSF_v11.3_06.c | HITRUST CSF v11.3 06.c | Compliance with Legal Requirements | To prevent loss, destruction and falsification of important records in accordance with statutory, regulatory, contractual, and business requirements. | Shared | 1. Guidelines are to be issued and implemented by the organization on the ownership, classification, retention, storage, handling, and disposal of all records and information. 2. Accountings of disclosure as organizational records are to be documented and maintained for a pre-defined period. | Important records shall be protected from loss, destruction, and falsification, in accordance with statutory, regulatory, contractual, and business requirements. | | 26 |
| HITRUST_CSF_v11.3 | 09.ac | HITRUST_CSF_v11.3_09.ac | HITRUST CSF v11.3 09.ac | Monitoring | To protect logging systems and log information against tampering and unauthorized access. | Shared | 1. To prevent unauthorized access and tampering, access to logging systems and log information is to be restricted and protected. 2. Authorized and unauthorized access attempts to the audit system are to be logged, and modification of the audit trails of access to the audit system is to be disallowed. 3. File-integrity monitoring or change-detection software is to be implemented on logs, and alerts are to be generated on any change to existing log data. 4. Logs of external-facing technologies are to be stored on an internal network server. | Logging systems and log information shall be protected against tampering and unauthorized access. | | 4 |
| ISO_IEC_27002_2022 | 8.15 | ISO_IEC_27002_2022_8.15 | ISO IEC 27002 2022 8.15 | Detection Control | Logging | Shared | Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed. | To record events, generate evidence, ensure the integrity of log information, prevent against unauthorized access, identify information security events that can lead to an information security incident and to support investigations. | | 30 |
| NIST_SP_800-171_R3_3 | .13.8 | NIST_SP_800-171_R3_3.13.8 | NIST 800-171 R3 3.13.8 | System and Communications Protection Control | Transmission and Storage Confidentiality | Shared | This requirement applies to internal and external networks and any system components that can transmit CUI, including servers, notebook computers, desktop computers, mobile devices, printers, copiers, scanners, facsimile machines, and radios. Unprotected communication paths are susceptible to interception and modification. Encryption protects CUI from unauthorized disclosure during transmission and while in storage. Cryptographic mechanisms that protect the confidentiality of CUI during transmission include TLS and IPsec. Information in storage (i.e. information at rest) refers to the state of CUI when it is not in process or in transit and resides on internal or external storage devices, storage area network devices, and databases. Protecting CUI in storage does not focus on the type of storage device or the frequency of access to that device but rather on the state of the information. This requirement relates to 03.13.11. | Implement cryptographic mechanisms to prevent the unauthorized disclosure of CUI during transmission and while in storage. | | 12 |
| NIST_SP_800-171_R3_3 | .3.8 | NIST_SP_800-171_R3_3.3.8 | | | | | n/a | n/a | | 4 |
| NIST_SP_800-53_R5.1.1 | AU.9 | NIST_SP_800-53_R5.1.1_AU.9 | NIST SP 800-53 R5.1.1 AU.9 | Audit and Accountability Control | Protection of Audit Information | Shared | a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b. Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information. | Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls. | | 4 |
| NIST_SP_800-53_R5.1.1 | SC.28.1 | NIST_SP_800-53_R5.1.1_SC.28.1 | NIST SP 800-53 R5.1.1 SC.28.1 | System and Communications Protection | Protection of Information at Rest \| Cryptographic Protection | Shared | Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of the following information at rest on [Assignment: organization-defined system components or media]: [Assignment: organization-defined information]. | The selection of cryptographic mechanisms is based on the need to protect the confidentiality and integrity of organizational information. The strength of mechanism is commensurate with the security category or classification of the information. Organizations have the flexibility to encrypt information on system components or media or encrypt data structures, including files, records, or fields. | | 9 |
| NZISM_v3.7 | 14.3.10.C.01. | NZISM_v3.7_14.3.10.C.01. | NZISM v3.7 14.3.10.C.01. | Web Applications | 14.3.10.C.01. - To maintain control over network traffic and reduce the likelihood of exposure to malicious content or activities. | Shared | n/a | Agencies SHOULD implement allow listing for all HTTP traffic being communicated through their gateways. | | 24 |
| NZISM_v3.7 | 14.3.10.C.02. | NZISM_v3.7_14.3.10.C.02. | NZISM v3.7 14.3.10.C.02. | Web Applications | 14.3.10.C.02. - To maintain control over network traffic and reduce the likelihood of exposure to malicious content or activities. | Shared | n/a | Agencies using an allow list on their gateways to specify the external addresses to which encrypted connections are permitted SHOULD specify allow list addresses by domain name or IP address. | | 23 |
| NZISM_v3.7 | 16.6.10.C.01. | NZISM_v3.7_16.6.10.C.01. | NZISM v3.7 16.6.10.C.01. | Event Logging and Auditing | 16.6.10.C.01. - To enhance system security and accountability. | Shared | n/a | Agencies SHOULD log the events listed below for specific software components. 1. Database: a. System user access to the database. b. Attempted access that is denied. c. Changes to system user roles or database rights. d. Addition of new system users, especially privileged users. e. Modifications to the data. f. Modifications to the format or structure of the database. 2. Network/operating system: a. Successful and failed attempts to logon and logoff. b. Changes to system administrator and system user accounts. c. Failed attempts to access data and system resources. d. Attempts to use special privileges. e. Use of special privileges. f. System user or group management. g. Changes to the security policy. h. Service failures and restarts. i. System startup and shutdown. j. Changes to system configuration data. k. Access to sensitive data and processes. l. Data import/export operations. 3. Web application: a. System user access to the Web application. b. Attempted access that is denied. c. System user access to the Web documents. d. Search engine queries initiated by system users. | | 33 |
| NZISM_v3.7 | 16.6.10.C.02. | NZISM_v3.7_16.6.10.C.02. | NZISM v3.7 16.6.10.C.02. | Event Logging and Auditing | 16.6.10.C.02. - To enhance system security and accountability. | Shared | n/a | Agencies SHOULD log, at minimum, the following events for all software components: 1. user login; 2. all privileged operations; 3. failed attempts to elevate privileges; 4. security related system alerts and failures; 5. system user and group additions, deletions and modification to permissions; and 6. unauthorised or failed access attempts to systems and files identified as critical to the agency. | | 50 |
| NZISM_v3.7 | 16.6.11.C.01. | NZISM_v3.7_16.6.11.C.01. | NZISM v3.7 16.6.11.C.01. | Event Logging and Auditing | 16.6.11.C.01. - To enhance system security and accountability. | Shared | n/a | For each event identified as needing to be logged, agencies MUST ensure that the log facility records at least the following details, where applicable: 1. date and time of the event; 2. relevant system user(s) or processes; 3. event description; 4. success or failure of the event; 5. event source (e.g. application name); and 6. IT equipment location/identification. | | 50 |
| NZISM_v3.7 | 16.6.12.C.01. | NZISM_v3.7_16.6.12.C.01. | NZISM v3.7 16.6.12.C.01. | Event Logging and Auditing | 16.6.12.C.01. - To maintain integrity of the data. | Shared | n/a | Event logs MUST be protected from: 1. modification and unauthorised access; and 2. whole or partial loss within the defined retention period. | | 50 |
| NZISM_v3.7 | 16.6.12.C.02. | NZISM_v3.7_16.6.12.C.02. | NZISM v3.7 16.6.12.C.02. | Event Logging and Auditing | 16.6.12.C.02. - To enhance system security and accountability. | Shared | n/a | Agencies MUST configure systems to save event logs to separate secure servers as soon as possible after each event occurs. | | 2 |
| NZISM_v3.7 | 16.6.12.C.03. | NZISM_v3.7_16.6.12.C.03. | NZISM v3.7 16.6.12.C.03. | Event Logging and Auditing | 16.6.12.C.03. - To maintain integrity of the data. | Shared | n/a | Agencies SHOULD ensure that: 1. systems are configured to save event logs to a separate secure log server; and 2. event log data is archived in a manner that maintains its integrity. | | 2 |
| NZISM_v3.7 | 16.6.13.C.01. | NZISM_v3.7_16.6.13.C.01. | NZISM v3.7 16.6.13.C.01. | Event Logging and Auditing | 16.6.13.C.01. - To maintain integrity of the data. | Shared | n/a | Event logs MUST be archived and retained for an appropriate period as determined by the agency. | | 2 |
| NZISM_v3.7 | 16.6.13.C.02. | NZISM_v3.7_16.6.13.C.02. | NZISM v3.7 16.6.13.C.02. | Event Logging and Auditing | 16.6.13.C.02. - To maintain transparency, integrity, and legality in handling sensitive information and mitigate potential risks associated with data breaches or unauthorized access. | Shared | n/a | Disposal or archiving of DNS, proxy, event, systems and other operational logs MUST be in accordance with the provisions of the relevant legislation. | | 2 |
| NZISM_v3.7 | 16.6.6.C.01. | NZISM_v3.7_16.6.6.C.01. | NZISM v3.7 16.6.6.C.01. | Event Logging and Auditing | 16.6.6.C.01. - To enhance security and reduce the risk of unauthorized access or misuse. | Shared | n/a | Agencies MUST maintain system management logs for the life of a system. | | 50 |
| NZISM_v3.7 | 16.6.7.C.01. | NZISM_v3.7_16.6.7.C.01. | NZISM v3.7 16.6.7.C.01. | Event Logging and Auditing | 16.6.7.C.01. - To facilitate effective monitoring, troubleshooting, and auditability of system operations. | Shared | n/a | A system management log SHOULD record the following minimum information: 1. all system start-up and shutdown; 2. service, application, component or system failures; 3. maintenance activities; 4. backup and archival activities; 5. system recovery activities; and 6. special or out of hours activities. | | 50 |
| NZISM_v3.7 | 16.6.9.C.01. | NZISM_v3.7_16.6.9.C.01. | NZISM v3.7 16.6.9.C.01. | Event Logging and Auditing | 16.6.9.C.01. - To enhance system security and accountability. | Shared | n/a | Agencies MUST log, at minimum, the following events for all software components: 1. logons; 2. failed logon attempts; 3. logoffs; 4. date and time; 5. all privileged operations; 6. failed attempts to elevate privileges; 7. security related system alerts and failures; 8. system user and group additions, deletions and modification to permissions; and 9. unauthorised or failed access attempts to systems and files identified as critical to the agency. | | 48 |
| NZISM_v3.7 | 19.1.20.C.01. | NZISM_v3.7_19.1.20.C.01. | NZISM v3.7 19.1.20.C.01. | Gateways | 19.1.20.C.01. - To reduce the risk of unauthorized access or misuse. | Shared | n/a | Agencies MUST authenticate system users to all classified networks accessed through gateways. | | 24 |
| NZISM_v3.7 | 19.1.20.C.02. | NZISM_v3.7_19.1.20.C.02. | NZISM v3.7 19.1.20.C.02. | Gateways | 19.1.20.C.02. - To reduce the risk of unauthorized access or misuse. | Shared | n/a | Agencies MUST ensure that only authenticated and authorised system users can use the gateway. | | 15 |
| NZISM_v3.7 | 19.1.20.C.03. | NZISM_v3.7_19.1.20.C.03. | NZISM v3.7 19.1.20.C.03. | Gateways | 19.1.20.C.03. - To reduce the risk of unauthorized access or misuse. | Shared | n/a | Agencies SHOULD use multi-factor authentication for access to networks and gateways. | | 9 |
| PCI_DSS_v4.0.1 | 10.3.2 | PCI_DSS_v4.0.1_10.3.2 | PCI DSS v4.0.1 10.3.2 | Log and Monitor All Access to System Components and Cardholder Data | Protection of Audit Logs | Shared | n/a | Audit log files are protected to prevent modifications by individuals. | | 4 |
| PCI_DSS_v4.0.1 | 11.5.2 | PCI_DSS_v4.0.1_11.5.2 | PCI DSS v4.0.1 11.5.2 | Test Security of Systems and Networks Regularly | Change-Detection Mechanism Deployment | Shared | n/a | A change-detection mechanism (for example, file integrity monitoring tools) is deployed as follows: to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files; and to perform critical file comparisons at least once weekly. | | 31 |
| PCI_DSS_v4.0.1 | 3.5.1.2 | PCI_DSS_v4.0.1_3.5.1.2 | PCI DSS v4.0.1 3.5.1.2 | Protect Stored Account Data | If disk-level or partition-level encryption (rather than file-, column-, or field-level database encryption) is used to render PAN unreadable, it is implemented only as follows: on removable electronic media, OR if used for non-removable electronic media, PAN is also rendered unreadable via another mechanism that meets Requirement 3.5.1. | Shared | n/a | Examine encryption processes to verify that, if disk-level or partition-level encryption is used to render PAN unreadable, it is implemented only as follows: on removable electronic media, OR if used for non-removable electronic media, examine encryption processes used to verify that PAN is also rendered unreadable via another method that meets Requirement 3.5.1. Examine configurations and/or vendor documentation and observe encryption processes to verify the system is configured according to vendor documentation and the result is that the disk or the partition is rendered unreadable. | | 9 |
| RBI_CSF_Banks_v2016 | 6.4 | RBI_CSF_Banks_v2016_6.4 | | Application Security Life Cycle (Aslc) | Application Security Life Cycle (Aslc)-6.4 | | n/a | Besides business functionalities, security requirements relating to system access control, authentication, transaction authorization, data integrity, system activity logging, audit trail, session management, security event tracking and exception handling are required to be clearly specified at the initial and ongoing stages of system development/acquisition/implementation. | | 13 |
| RBI_ITF_NBFC_v2017 | 3.1.g | RBI_ITF_NBFC_v2017_3.1.g | RBI IT Framework 3.1.g | Information and Cyber Security | Trails-3.1 | | n/a | The IS Policy must provide for an IS framework with the following basic tenets: Trails - NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. | link | 36 |
| RMiT_v1.0 | 10.66 | RMiT_v1.0_10.66 | RMiT 10.66 | Security of Digital Services | Security of Digital Services - 10.66 | Shared | n/a | A financial institution must implement robust technology security controls in providing digital services which assure the following: (a) confidentiality and integrity of customer and counterparty information and transactions; (b) reliability of services delivered via channels and devices with minimum disruption to services; (c) proper authentication of users or devices and authorisation of transactions; (d) sufficient audit trail and monitoring of anomalous transactions; (e) ability to identify and revert to the recovery point prior to incident or service disruption; and (f) strong physical control and logical control measures. | link | 31 |
| SOC_2023 | CC2.3 | SOC_2023_CC2.3 | SOC 2023 CC2.3 | Information and Communication | To facilitate effective internal communication. | Shared | n/a | The entity communicates with external parties regarding matters affecting the functioning of internal control. | | 218 |
| SOC_2023 | CC5.3 | SOC_2023_CC5.3 | SOC 2023 CC5.3 | Control Activities | To maintain alignment with organizational objectives and regulatory requirements. | Shared | n/a | The entity deploys control activities through policies that establish what is expected and through procedures that put policies into action: establishing policies and procedures to support deployment of management's directives, assigning responsibility and accountability for executing policies and procedures, performing tasks in a timely manner, taking corrective actions, performing tasks using competent personnel, and reassessing policies and procedures. | | 229 |
| SOC_2023 | CC6.1 | SOC_2023_CC6.1 | SOC 2023 CC6.1 | Logical and Physical Access Controls | To mitigate security events and ensure the confidentiality, integrity, and availability of critical information assets. | Shared | n/a | The entity implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events and meet the entity's objectives by identifying and managing the inventory of information assets, restricting logical access, identifying and authenticating users, considering network segmentation, managing points of access, restricting access to information assets, managing identification and authentication, managing credentials for infrastructure and software, using encryption to protect data, and protecting encryption keys. | | 128 |
| SOC_2023 | CC7.4 | SOC_2023_CC7.4 | SOC 2023 CC7.4 | Systems Operations | To effectively manage security incidents, minimize their impact, and protect assets, operations, and reputation. | Shared | n/a | The entity responds to identified security incidents by: a. executing a defined incident-response program to understand, contain, remediate, and communicate security incidents by assigning roles and responsibilities; b. establishing procedures to contain security incidents; c. mitigating ongoing security incidents and ending the threats they pose; d. restoring operations; e. developing and implementing communication protocols for security incidents; f. obtaining an understanding of the nature of the incident and determining a containment strategy; g. remediating identified vulnerabilities; h. communicating remediation activities; and i. evaluating the effectiveness of incident response through periodic incident evaluations. | | 213 |
| SWIFT_CSCF_2024 | 2.9 | SWIFT_CSCF_2024_2.9 | SWIFT Customer Security Controls Framework 2024 2.9 | Transaction Controls | Transaction Business Controls | Shared | 1. Implementing business controls that restrict Swift transactions to the fullest extent possible reduces the opportunity for the sending (outbound) and, optionally, receiving (inbound) of fraudulent transactions. 2. These restrictions are best determined through an analysis of normal business activity. Parameters can then be set to restrict business to acceptable thresholds based on "normal" activity. | To ensure outbound transaction activity is within the expected bounds of normal business. | | 25 |
| SWIFT_CSCF_v2022 | 6.4 | SWIFT_CSCF_v2022_6.4 | SWIFT CSCF v2022 6.4 | 6. Detect Anomalous Activity to Systems or Transaction Records | Record security events and detect anomalous actions and operations within the local SWIFT environment. | Shared | n/a | Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. | link | 50 |
| UK_NCSC_CAF_v3.2 | C1.b | UK_NCSC_CAF_v3.2_C1.b | NCSC Cyber Assurance Framework (CAF) v3.2 C1.b | Security Monitoring | Securing Logs | Shared | 1. The integrity of logging data is protected, or any modification is detected and attributed. 2. The logging architecture has mechanisms, processes and procedures to ensure that it can protect itself from threats comparable to those it is trying to identify. This includes protecting the function itself, and the data within it. 3. Log data analysis and normalisation is only performed on copies of the data, keeping the master copy unaltered. 4. Logging datasets are synchronised, using an accurate common time source, so that separate datasets can be correlated in different ways. 5. Access to logging data is limited to those with business need and no others. 6. All actions involving all logging data (e.g. copying, deleting or modification, or even viewing) can be traced back to a unique user. 7. Legitimate reasons for accessing logging data are given in use policies. | Hold logging data securely and grant read access only to accounts with business need. No employee should ever need to modify or delete logging data within an agreed retention period, after which it should be deleted. | | 11 |