The current version of this table is built on Version 7.1 of the CIS Controls. A mapping to Version 8 of the CIS Controls will be completed in 2022.
Summary Reports
Implementation Group 1

| Report Name | Report ID | Control Support | Data Source | Log Sources |
|---|---|---|---|---|
| CCF: Access Failure Summary | 2089 | 13.2, 14.6 | Platform Manager | All Available Log Sources |
| CCF: Access Success Summary | 2091 | 13.2, 14.6 | Platform Manager | All Available Log Sources |
| CCF: Account Disabled Summary | 2084 | 16.8, 16.9 | LogMart | All Available Log Sources |
| CCF: Applications Accessed By User Summary | 2063 | 2.6 | Data Processor(s) | All Available Log Sources |
| CCF: Audit Log Summary | 2076 | 6.2 | Platform Manager | All Available Log Sources |
| CCF: Auth Failure Summary | 2088 | 14.6, 16.8 | Platform Manager | All Available Log Sources |
| CCF: Auth Success Summary | 2090 | 14.6 | Platform Manager | All Available Log Sources |
| CCF: Backup Activity Summary | 2062 | 10.1, 10.2 | Data Processor(s) | All Available Log Sources |
| CCF: Compromises Detected Summary | 2064 | 8.4, 11.4 | LogMart | All Available Log Sources |
| CCF: Config/Policy Change Summary | 2049 | 5.1 | LogMart | All Available Log Sources |
| CCF: Critical Environment Error Summary | 2050 | 5.1 | Platform Manager | All Available Log Sources |
| CCF: Malware Detected Summary | 2051 | 7.7, 8.2, 8.4 | Platform Manager | All Available Log Sources |
| CCF: Object Access Summary | 2067 | 6.2, 13.1, 13.2, 14.6 | Data Processor(s) | All Available Log Sources |
| CCF: Patch Activity Summary | 2052 | 3.4, 3.5, 5.1 | Data Processor(s) | All Available Log Sources |
| CCF: Priv Account Management Activity Summary | 2080 | 4.3 | Data Processor(s) | All Available Log Sources |
| CCF: Priv Authentication Activity Summary | 2079 | 4.3 | Platform Manager | All Available Log Sources |
| CCF: Rogue Access Point Summary | 2054 | 12.1, 15.10 | Platform Manager | All Available Log Sources |
| CCF: Signature Activity Summary | 2055 | 5.1, 8.2 | LogMart | All Available Log Sources |
| CCF: Social Media Summary | 2070 | 4.3 | Platform Manager | All Available Log Sources |
| CCF: Suspected Wireless Attack Summary | 2056 | 11.4 | Platform Manager | All Available Log Sources |
| CCF: Term Account Activity Summary | 2087 | 16.8, 16.9 | Data Processor(s) | All Available Log Sources |
| CCF: Top Suspicious Users | 2059 | 17.3, 17.5, 17.6, 17.7, 17.8, 17.9 | Data Processor(s) | All Available Log Sources |
| CCF: Use Of Non-Encrypted Protocols Summary | 2060 | 7.1, 12.4, 13.6, 15.7 | LogMart | All Available Log Sources |
| CCF: User Misuse Summary | 2061 | 4.3, 15.10, 17.3 | Platform Manager | All Available Log Sources |
| CCF: User Object Access Summary | 2068 | 6.2, 13.1, 13.2, 14.6 | Data Processor(s) | All Available Log Sources |
| CCF: User Priv Escalation (SU & SUDO) Summary | 2078 | 4.3 | Data Processor(s) | All Available Log Sources |
| CCF: User Priv Escalation (Windows) Summary | 2077 | 4.3 | Data Processor(s) | All Available Log Sources |
| CCF: Vulnerability Detected Summary | 2058 | 2.2, 3.4, 3.5, 8.2, 11.4 | Platform Manager | All Available Log Sources |
| CCF: New Network Host Summary | 2101 | 1.4, 1.6 | Data Processor(s) | All Available Log Sources |

Implementation Group 2

| Report Name | Report ID | Control Support | Data Source | Log Sources |
|---|---|---|---|---|
| CCF: Access Failure Summary | 2089 | 4.7, 4.9, 16.6, 16.7, 16.12 | Platform Manager | All Available Log Sources |
| CCF: Access Success Summary | 2091 | 4.1, 4.5, 4.7, 16.6, 16.7, 16.10, 20.8 | Platform Manager | All Available Log Sources |
| CCF: Account Disabled Summary | 2084 | 4.1, 16.6, 16.7, 16.10, 16.12 | LogMart(s) | All Available Log Sources |
| CCF: Applications Accessed By User Summary | 2063 | 2.3, 2.4, 18.3, 18.8 | Data Processor(s) | All Available Log Sources |
| CCF: Audit Log Summary | 2076 | 1.3, 4.9, 6.3, 6.4, 6.5, 6.6, 6.7, 7.6, 8.6, 8.7, 8.8 | Platform Manager | All Available Log Sources |
| CCF: Auth Failure Summary | 2088 | 4.1, 4.7, 4.9, 16.10, 16.12 | Platform Manager | All Available Log Sources |
| CCF: Auth Success Summary | 2090 | 4.1, 4.5, 4.7, 16.6, 16.7, 16.10, 16.12, 20.8 | Platform Manager | All Available Log Sources |
| CCF: Backup Activity Summary | 2062 | 10.3 | Data Processor(s) | All Available Log Sources |
| CCF: Compromises Detected Summary | 2064 | 1.7, 3.1, 3.2, 3.6, 8.1, 8.6, 9.3, 12.3, 12.6, 15.1 | LogMart(s) | All Available Log Sources |
| CCF: Config/Policy Change Summary | 2049 | 4.8, 5.4, 5.5, 11.2, 11.3 | LogMart(s) | All Available Log Sources |
| CCF: Critical Environment Error Summary | 2050 | 10.3, 18.11, 20.4 | Platform Manager | All Available Log Sources |
| CCF: LogRhythm Data Loss Defender Log Summary | 2066 | 5.3, 13.7 | LogMart(s) | All Available Log Sources |
| CCF: Malware Detected Summary | 2051 | 3.1, 3.6, 8.1, 8.6, 12.3, 12.6 | Platform Manager | All Available Log Sources |
| CCF: New Network Host Summary | 2101 | 1.5 | Data Processor(s) | All Available Log Sources |
| CCF: Object Access Summary | 2067 | 4.7, 5.3 | Data Processor(s) | All Available Log Sources |
| CCF: Patch Activity Summary | 2052 | 3.1, 3.2, 18.3 | Data Processor(s) | All Available Log Sources |
| CCF: Priv Account Management Activity Summary | 2080 | 4.1, 4.5, 4.8, 4.9, 16.10, 16.12 | Data Processor(s) | All Available Log Sources |
| CCF: Priv Authentication Activity Summary | 2079 | 4.1, 4.5, 4.8, 4.9, 16.10, 16.12 | Platform Manager | All Available Log Sources |
| CCF: Rogue Access Point Summary | 2054 | 1.7, 15.1, 15.2 | Platform Manager | All Available Log Sources |
| CCF: Signature Activity Summary | 2055 | 3.1, 3.2, 3.6, 8.1, 8.6 | LogMart(s) | All Available Log Sources |
| CCF: Social Media Summary | 2070 | 3.3, 7.6, 11.6, 20.8 | Platform Manager | All Available Log Sources |
| CCF: Suspected Wireless Attack Summary | 2056 | 3.1, 7.4, 8.1, 8.6, 9.2, 12.2, 12.3, 15.1, 15.3, 15.6, 15.9 | Platform Manager | All Available Log Sources |
| CCF: Term Account Activity Summary | 2087 | 16.6, 16.7, 16.10, 16.12 | Data Processor(s) | All Available Log Sources |
| CCF: Time Sync Error Summary | 683 | 6.1 | Platform Manager | All Available Log Sources |
| CCF: Top Suspicious Users | 2059 | 4.1, 4.8, 16.6, 16.7, 17.1, 20.6, 20.8 | Data Processor(s) | All Available Log Sources |
| CCF: Use Of Non-Encrypted Protocols Summary | 2060 | 11.5, 14.4, 16.5, 18.5 | LogMart(s) | All Available Log Sources |
| CCF: User Misuse Summary | 2061 | 3.3, 4.1, 11.6, 16.6, 16.7, 16.10, 16.12, 17.1, 20.6, 20.8 | Platform Manager | All Available Log Sources |
| CCF: User Object Access Summary | 2068 | 3.3, 5.3, 7.9, 11.6, 13.4, 13.7, 17.1, 18.9, 20.4 | Data Processor(s) | All Available Log Sources |
| CCF: User Priv Escalation (SUDO) Summary | 2078 | 4.1, 4.8, 4.9, 11.6, 16.7, 16.12, 20.8 | Data Processor(s) | All Available Log Sources |
| CCF: User Priv Escalation (Windows) Summary | 2077 | 4.1, 4.8, 4.9, 11.6, 16.7, 16.12, 20.8 | Data Processor(s) | All Available Log Sources |
| CCF: Vulnerability Detected Summary | 2058 | 1.7, 3.1, 3.2, 3.6, 8.6, 12.3, 12.6, 18.10, 20.6 | Platform Manager | All Available Log Sources |

Implementation Group 3

| Report Name | Report ID | Control Support | Data Source | Log Sources |
|---|---|---|---|---|
| CCF: Top Suspicious Users | 2059 | 16.13 | Data Processor(s) | All Log Sources |
| CCF: User Object Access Summary | 2068 | 13.3, 13.5, 14.5, 14.9 | Data Processor(s) | All Log Sources |
| CCF: Use Of Non-Encrypted Protocols Summary | 2060 | 1.8, 12.10, 13.9, 14.8, 15.8 | LogMart(s) | All Log Sources |
| CCF: Auth Success Summary | 2090 | 16.13 | Platform Manager | All Log Sources |
| CCF: LogRhythm Data Loss Defender Log Summary | 2066 | 13.3, 13.5, 14.5, 14.9 | LogMart(s) | All Log Sources |
| CCF: Object Access Summary | 2067 | 13.3, 13.5, 14.5, 14.9 | Data Processor(s) | All Log Sources |
| CCF: Auth Failure Summary | 2088 | 16.13 | Platform Manager(s) | All Log Sources |
| CCF: Config/Policy Change Summary | 2049 | 14.9 | LogMart(s) | All Log Sources |

Detailed Reports
The Intelligent Indexing settings are recommendations. The default configuration is No.
Implementation Group 1

| Report Name | Report Description | Control Support | Data Source | Intelligent Indexing | Classification | Log Sources | Report ID |
|---|---|---|---|---|---|---|---|
| CCF: Account Deleted Summary | This report provides detailed information when an account has access revoked (deleted) across any logged environments. This should align with the organization's policies regarding deleted accounts. | 16.9 | Platform Manager | Yes | Audit | All Available Log Sources | 2086 |
| CCF: Account Enabled Summary | This report provides detailed information when an account has access granted across any logged environments. This should align with the organization's policies regarding enabled accounts. | 4.3, 16.9 | Platform Manager | Yes | Audit | All Available Log Sources | 2085 |
| CCF: Account Modification Summary | This report provides summary information around account modifications across all logged environments. | 4.3, 14.6 | Platform Manager | Yes | Audit | All Available Log Sources | 2092 |
| CCF: Host Access Granted And Revoked Detail | This report details all access granted and revoked for production systems. | 4.3, 5.1, 15.10 | Data Processor(s) | Yes | Audit | All Available Log Sources | 2065 |
| CCF: Unknown User Account Detail | This report provides details of activity from unknown user accounts, based off CCF user lists. | 16.8 | Data Processor(s) | Yes | Security | All Available Log Sources | 2071 |

Implementation Group 2

| Report Name | Report Description | Control Support | Data Source | Intelligent Indexing | Classification | Log Sources | Report ID |
|---|---|---|---|---|---|---|---|
| CCF: Account Deleted Summary | This report provides detailed information when an account has access revoked (deleted) across any logged environments. This should align with the organization's policies regarding deleted accounts. | 16.7, 16.10, 16.12 | Platform Manager | Yes | Audit | All Available Log Sources | 2086 |
| CCF: Account Enabled Summary | This report provides detailed information when an account has access granted across any logged environments. This should align with the organization's policies regarding enabled accounts. | 3.3, 4.5, 4.7, 16.7, 16.10, 16.12, 20.8 | Platform Manager | Yes | Audit | All Available Log Sources | 2085 |
| CCF: Account Modification Summary | This report provides summary information around account modifications across all logged environments. | 3.3, 4.1, 4.7, 4.8, 4.9, 16.6, 16.7, 16.10, 16.12, 20.8 | Platform Manager | Yes | Audit | All Available Log Sources | 2092 |
| CCF: Host Access Granted And Revoked Detail | This report details all access granted and revoked for production systems. | 11.6, 16.7, 16.10 | Data Processor(s) | Yes | Audit | All Available Log Sources | 2065 |
| CCF: Unknown User Account Detail | This report provides details of activity from unknown user accounts, based off CCF user lists. | 4.1, 4.8, 4.9, 16.6 | Data Processor(s) | Yes | Security | All Available Log Sources | 2071 |

Implementation Group 3
N/A
Reporting Packages

| Report Package Name | Report Package Description | Report Package ID |
|---|---|---|
| CCF: Daily IT Operations Reporting Package | This reporting package is a template to deliver pertinent content for IT Operations on a daily basis. | 89 |
| CCF: Daily IT Security Reporting Package | This reporting package is a template to deliver pertinent content for IT Security on a daily basis. | 90 |
| CCF: Executive Reporting Package | This reporting package is a template to deliver pertinent content for Executives on a monthly basis. | 87 |
| CCF: Weekly Audit Reporting Package | This reporting package is a template to deliver pertinent content for Internal and/or External Audit groups on a weekly basis. | 88 |