MAS-TRMG – Requirements
| Control Description | Support | AIE Rules/Alerts | Investigations | Reports |
|---|---|---|---|---|
| 4.0.2: Effective risk management practices and internal controls are instituted to achieve data confidentiality, system security, reliability, resiliency and recoverability in the organisation. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: Critical Environment Error Alert MAS: Production Environment Error Alert MAS: LogRhythm Silent Log Source Error Alert MAS: Backup Failure/Error Alert MAS: FIM Critical/Error/Information Alert MAS: Time Sync Error Alert MAS: Critical/PRD Envir Config/Policy Change MAS: Critical/PRD Envir Patch Failure Alert MAS: Critical/PRD Envir Signature Fail Alert MAS: Acct Created, Used, Deleted Alert MAS: Malware Alert MAS: Vulnerability Detected Alert MAS: Attack Detected Alert MAS: Rogue Access Point Alert MAS: Non-Encrypted Protocol Alert MAS: Audit Log Cleared Alert MAS: Audit Log Write Failure Alert | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Acct Created, Used, Deleted Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Non-Encrypted Protocol Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Time Sync Error Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Data Loss Prevention Summary MAS: Acct Created, Used, Deleted Summary MAS: Non-Encrypted Protocol Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: FIM Activity Rule Detail MAS: Time Sync Error Detail MAS: Data Loss Prevention Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Non-Encrypted Protocol Detail MAS: Acct Created, Used, Deleted Detail |
| 4.1.1: Information system assets are adequately protected from unauthorised access, misuse or fraudulent modification, insertion, deletion, substitution, suppression or disclosure. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Acct Created, Used, Deleted Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Non-Encrypted Protocol Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Time Sync Error Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Data Loss Prevention Summary MAS: Acct Created, Used, Deleted Summary MAS: Non-Encrypted Protocol Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: FIM Activity Rule Detail MAS: Time Sync Error Detail MAS: Data Loss Prevention Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Non-Encrypted Protocol Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
| 4.4.3: Priority is given to threat and vulnerability pairings with high risk ranking which could cause significant harm or impact to the organisation’s operations. | Augment | MAS: Data Loss Prevention Rule MAS: Data Destruction Rule MAS: Data Exfiltration Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Acct Created, Used, Deleted Inv MAS: Malware Detected Inv MAS: Data Loss Prevention Inv MAS: FIM Activity Rule Inv MAS: FIM Critical/Error/Information Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Non-Encrypted Protocol Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Time Sync Error Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: FIM Activity Rule Summary MAS: FIM Critical/Error/Information Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Time Sync Error Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Acct Created, Used, Deleted Summary MAS: Non-Encrypted Protocol Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: FIM Activity Rule Detail MAS: FIM Critical/Error/Information Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Time Sync Error Detail MAS: Data Loss Prevention Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Non-Encrypted Protocol Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
4.5.1: A monitoring and review process for continuous assessment and treatment of risks is instituted. | Augment | MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Acct Created, Used, Deleted Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Non-Encrypted Protocol Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Time Sync Error Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Time Sync Error Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Time Sync Error Detail MAS: Data Loss Prevention Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Non-Encrypted Protocol Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
5.1.3: The engagement of the service provider does not hinder the ability of regulatory authorities to assess the organisation's IT risks which would include inspecting, supervising or examining the service provider’s roles, responsibilities, obligations, functions, systems and facilities. | Augment | MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
| 5.1.4: The service provider is required to employ a high standard of care and diligence in its security policies, procedures and controls to protect the confidentiality and security of the organisation's sensitive or confidential information, such as customer data, computer files, records, object programs and source codes. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: Physical Access Rule MAS: Suspicious Door Access Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: Physical Access Inv MAS: Suspicious Door Access Inv MAS: Data Loss Prevention Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Non-Encrypted Protocol Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: Physical Access Summary MAS: Suspicious Door Access Summary MAS: Data Loss Prevention Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Non-Encrypted Protocol Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: Vendor Acct UAM Detail MAS: Physical Access Detail MAS: Suspicious Door Access Detail MAS: Data Loss Prevention Detail MAS: FIM Critical/Error/Information Detail MAS: FIM Activity Rule Detail MAS: Non-Encrypted Protocol Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 5.1.5: The service provider is required to implement security policies, procedures and controls that are at least as stringent as the organisation's. | Augment | MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
| 5.1.6: The security policies, procedures and controls of the service provider are monitored and reviewed on a regular basis by the organisation, including commissioning or obtaining periodic expert reports on security adequacy and compliance in respect to the operations and services provided | Augment | MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
| 5.1.7: The service provider is required to develop and establish a disaster recovery contingency framework which defines its roles and responsibilities for documenting, maintaining and testing its contingency plans and recovery procedures. | Augment | MAS: Backup Activity Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 5.1.9: The disaster recovery plan is reviewed, updated and tested regularly in accordance with changing technology conditions and operational requirements. | Augment | MAS: Backup Activity Rule | MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
5.1.10: A contingency plan based on credible worst-case scenarios for service disruptions is established to prepare for the possibility that the current service provider may not be able to continue operations or render the services required. | Augment | MAS: Backup Activity Rule | MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
5.1.10: The contingency plan incorporates identification of viable alternatives for resuming IT operations elsewhere. | Augment | MAS: Backup Activity Rule | MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
| 5.2.3: The service provider is able to isolate and clearly identify the organisation's customer data and other information system assets for protection. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: Physical Access Rule MAS: Suspicious Door Access Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule | MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Physical Access Inv MAS: Suspicious Door Access Inv MAS: Data Loss Prevention Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Non-Encrypted Protocol Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Physical Access Summary MAS: Suspicious Door Access Summary MAS: Data Loss Prevention Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Non-Encrypted Protocol Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Usage Auditing Activity Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Physical Access Detail MAS: Data Loss Prevention Detail MAS: Suspicious Door Access Detail MAS: FIM Critical/Error/Information Detail MAS: FIM Activity Rule Detail MAS: Non-Encrypted Protocol Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 5.2.5: The service provider’s ability to recover outsourced systems and IT services within the stipulated recovery time objective (RTO) is verified prior to contracting with the service provider. | Augment | MAS: Backup Activity Rule | MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
6.0.1: System deficiencies and defects are identified at the system design, development and testing phases. | Augment | N/A | MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
| 6.2.1: Security requirements related to system access control, authentication, transaction authorisation, data integrity, system activity logging, audit trail, security event tracking and exception handling are clearly specified in the early phase of system development or acquisition. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: TST Priv Acct Auth Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
6.2.2: A methodology for system testing is established. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail |
| 6.2.2: The scope of tests covers business logic, security controls and system performance under various stress-load scenarios and recovery conditions. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail |
6.2.5: Separate physical or logical environments for unit, integration, as well as system and user acceptance testing (“UAT”) is maintained. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail |
| 6.2.5: Vendor and developers’ access to the UAT environment is closely monitored. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail |
| 6.4.3: Recovery measures, user access and data protection controls are implemented for simple applications that were developed by business users. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
| 6.4.4: End user developed program codes, scripts and macros are reviewed and tested before they are used to ensure the integrity and reliability of the applications. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail |
| 7.1.1: A change management process is established to ensure that changes to production systems are assessed, approved, implemented and reviewed in a controlled manner. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 7.1.2: The change management process applies to changes pertaining to system and security configurations, patches for hardware devices and software updates. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
7.1.4: The impending change is adequately tested. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 7.1.5: All changes to the production environment are approved by personnel delegated with the authority to approve change requests. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 7.1.6: To minimise risks associated with changes, backups of affected systems or applications are performed prior to the change. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
| 7.1.6: A rollback plan is established prior to the change. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
| 7.1.6: Alternative recovery options are established to address situations where a change does not allow the organisation to revert to a prior status. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
| 7.1.7: Logging facility is enabled to record activities performed during the migration process. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 7.2.2: Separate physical or logical environments for systems development, testing, staging and production are established. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 7.3.2: An incident management framework is established to restore normal IT service as quickly as possible following the incident, and with minimal impact to the organisation's business operations. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
| 7.3.2: The roles and responsibilities of staff involved in the incident management process include recording, analysing, remediating and monitoring incidents. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
| 7.3.3: Incidents are accorded with the appropriate severity level. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.6: The computer emergency response team comprises staff with necessary technical and operational skills to handle major incidents. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attavk Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.7: Senior management is kept apprised of the development of major incidents so that the decision to activate the disaster recovery plan can be made on a timely basis. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.7: The procedures to notify MAS of major incidents are established. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.7: MAS is informed as soon as possible in the event that a critical IT system has failed over to its disaster recovery system. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.10: A root- cause and impact analysis is performed for major incidents which result in severe disruption of IT services. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.10: Remediation actions are taken to prevent the recurrence of similar incidents. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.3.12: The root- cause and impact analysis covers the following areas: a. Root Cause Analysis i. When did it happen? ii. Where did it happen?
b. Impact Analysis i. Extent, duration or scope of the incident including information on the systems, resources and customers that were affected; ii. Magnitude of the incident including forgone revenue, losses, costs, investments, number of customers affected, implications, consequences to reputation and confidence; and
c. Corrective and Preventive Measures i. Immediate corrective action to be taken to address consequences of the incident. Priority should be placed on addressing customers’ concerns and / or compensation; ii. Measures to address the root cause of the incident; and iii. Measures to prevent similar or related incidents from occurring. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.4.2: Problems are identified, classified, prioritised, and addressed in a timely manner. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
7.4.3: The criteria to categorise problems by severity level is clearly defined to facilitate the classification process. | Direct | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: System Startup/Shutdown Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
8.4.1: A data backup strategy is developed for the storage of critical information on a regular basis. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
8.4.3: Periodic testing and validation of the recovery capability of backup media is carried out. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
8.4.3: An assessment is performed to determine if backup media is adequate and sufficiently effective to support the recovery process. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
8.4.4: Backup tapes and disks, including USB disks, containing sensitive or confidential information are encrypted before they are transported offsite for storage. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
9.0.2: Measures are implemented to protect sensitive or confidential information such as customer personal, account and transaction data which are stored and processed in systems. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.0.2: Customers are properly authenticated before access to online transaction functions and sensitive personal or account information is permitted. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summar MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.0.2: Customer information including login credentials, passwords and personal identification numbers (PINs) are secured against exploits such as ATM skimming, card cloning, hacking, phishing and malware. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.1.1: Important data are identified and adequate measures are adopted to detect and prevent unauthorised access, copying or transmission of confidential information. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.1.2: A comprehensive data loss prevention strategy is developed to protect sensitive or confidential information. The data loss prevention strategy takes into consideration the following:
| Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Data Loss Prevention Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.1.6: Confidential information stored on IT systems, servers and databases is encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Data Loss Prevention Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.3.1: IT systems and devices are configured with security settings that are consistent with the expected level of protection. | Augment | N/A | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Non-Encrypted Protocol Inv MAS: Time Sync Error Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Non-Encrypted Protocol Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Time Sync Error Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Non-Encrypted Protocol Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
9.3.1: Baseline standards are established to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment. | Augment | N/A | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Non-Encrypted Protocol Inv MAS: Time Sync Error Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Non-Encrypted Protocol Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Time Sync Error Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Non-Encrypted Protocol Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
9.3.2: Regular enforcement checks are conducted to ensure that baseline standards are applied uniformly and non-compliances are detected and raised for investigation. | Augment | N/A | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Non-Encrypted Protocol Inv MAS: Time Sync Error Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Non-Encrypted Protocol Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Time Sync Error Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Non-Encrypted Protocol Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
9.3.2: The frequency of enforcement reviews is commensurate with the risk level of systems. | Augment | N/A | N/A | N/A |
| 9.3.3: Anti-virus software is deployed to servers, if applicable, and workstations. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.3.4: Network security devices, such as firewalls as well as intrusion detection and prevention systems, are installed at critical junctures to protect network perimeters. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.3.4: Firewalls, or other similar measures are deployed within internal networks to minimise the impact of security exposures originating from third party or overseas systems, as well as from the internal trusted network. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.3.4: Rules on network security devices are regularly backed up. | Augment | MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
9.3.5: Measures are implemented to secure the organisation's Wireless Local Area Networks (WLAN) from unauthorised access. | Augment | N/A | MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv MAS: Rogue Access Point Inv | MAS: Discovered Wireless Access Activity Summary MAS: Rogue Access Point Summary MAS: Suspected Wireless Attack Summary MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail MAS: Rogue Access Point Detail |
9.4.1: Vulnerability assessments are conducted regularly to detect security vulnerabilities in the IT environment. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.4.2: Automated tools and manual techniques are used to perform a vulnerability assessment. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.4.2: For web- based external facing systems, the scope of vulnerability assessment includes common web vulnerabilities such as SQL injection and cross-site scripting. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.4.3: A process is established to remedy issues identified in vulnerability assessments. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.5.1: Patch management procedures are established. | Augment | N/A | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail |
9.5.1: Patch management procedures include the identification, categorisation and prioritisation of security patches. | Augment | N/A | MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv | MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail |
| 9.5.2: Security patches are rigorously tested before deployment into the production environment. | Augment | MAS: TST Priv Acct Auth Rule | MAS: TST Environment Error Inv MAS: TST Authentication Success Inv MAS: TST Authentication Failure Inv MAS: TST Access Success Inv MAS: TST Access Failure Inv MAS: TST Priv Acct Authentication Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv | MAS: TST Environment Error Summary MAS: TST Authentication Success Summary MAS: TST Authentication Failure Summary MAS: TST Access Success Summary MAS: TST Access Failure Summary MAS: TST Priv Acct Authentication Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
9.6.1: Security monitoring systems and processes are established to facilitate prompt detection of unauthorised or malicious activities by internal and external parties. | Augment | N/A | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Acct Created, Used, Deleted Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Acct Created, Used, Deleted Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.6.2: Network surveillance and security monitoring procedures are implemented with the use of network security devices, such as intrusion detection and prevention systems, to protect against network intrusion attacks as well as provide alerts when an intrusion occurs. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Data Loss Prevention Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.6.3: Security monitoring tools which enable the detection of changes to critical IT resources such as databases, system or data files and programs, are implemented to facilitate the identification of unauthorised changes. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule | MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: System Startup/Shutdown Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Non-Encrypted Protocol Inv MAS: Acct Created, Used, Deleted Inv MAS: Account Created Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv MAS: Discovered Wireless Access Activity Inv MAS: Suspected Wireless Attack Inv | MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Top Suspicious Users Summary MAS: Top Attacker Summary MAS: Top Suspicious Login Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: System Startup And Shutdown Summary MAS: Time Sync Error Summary MAS: Acct Created, Used, Deleted Summary MAS: Account Created Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Discovered Wireless Access Activity Summary MAS: Suspected Wireless Attack Summary MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Data Loss Prevention Detail MAS: Audit Log Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: System Startup And Shutdown Detail MAS: Data Loss Prevention Detail MAS: Non-Encrypted Protocol Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail MAS: TST Environment Error Detail MAS: TST Authentication Success Detail MAS: TST Authentication Failure Detail MAS: TST Access Success Detail MAS: TST Access Failure Detail MAS: TST Priv Acct Authentication Detail MAS: Acct Created, Used, Deleted Detail MAS: Acct Created, Used, Deleted Detail MAS: Account Created Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail MAS: Discovered Wireless Access Activity Detail MAS: Suspected Wireless Attack Detail |
9.6.4: Real-time monitoring of security events for critical systems and applications are performed to facilitate the prompt detection of malicious activities on these systems and applications. | Augment | N/A | N/A | N/A |
9.6.5: Security logs of systems, applications and network devices are regularly reviewed for anomalies. | Augment | N/A | N/A | N/A |
9.6.6: System logs are adequately protected and retained to facilitate future investigation. | Direct | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Data Loss Prevention Inv MAS: Critical Environment Error Inv MAS: Production Environment Error Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv | MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Non-Encrypted Protocol Summary MAS: Acct Created, Used, Deleted Summary MAS: Top Applications Experiencing Errors Summary MAS: Top Hosts Experiencing Errors Summary MAS: Critical Environment Error Summary MAS: Production Environment Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Time Sync Error Summary MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Acct Created, Used, Deleted Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Critical Environment Error Detail MAS: Production Environment Error Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail MAS: FIM Activity Rule Detail |
9.6.6: When determining the log retention period, the statutory requirements for document retention and protection are considered. | Augment | N/A | N/A | N/A |
10.2.1: Access to the DC is limited to authorised staff only. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.1: Access to the DC is granted on a need to have basis. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.1: Physical access of staff to the DC is revoked immediately if it is no longer required. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
10.2.2: Proper notification of and approval for visits by non-DC personnel such as vendors, system administrators or engineers are put in place. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.2: Visitors are accompanied at all times by an authorised employee while in the DC. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.3: The perimeter of the DC, DC building, facility, and equipment room are physically secured and monitored. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.3: Physical, human and procedural controls such as the use of security guards, card access systems, mantraps and bollards are deployed where appropriate. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.4: Security systems and surveillance tools are deployed where appropriate, to monitor and record activities that take place within the DC. | Direct | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
10.2.4: Physical security measures are established to prevent unauthorised access to systems, equipment racks and tapes. | Augment | MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv | MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Physical Access Detail MAS: Suspicious Door Access Detail |
11.1.1: User access to IT systems and networks is granted on a need-to-use basis and within the period when the access is required. | Augment | MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail |
11.1.1: All requests to access IT resources are duly authorised and approved by the resource owner. | Augment | MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
11.1.2: Employees of vendors or service providers are subjected to close supervision, monitoring and access restrictions similar to those expected of the organisation's own staff. | Augment | MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail |
11.1.3: Records of user access are uniquely identified and logged for audit and review purposes. | Direct |
MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail |
11.1.4: User access privileges are regularly reviewed to verify that privileges are granted appropriately and according to the ‘least privilege’ principle. | Augment |
MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail |
11.1.5: Strong password controls are enforced over users’ access to applications and systems. | Augment | MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Default Acct Disabled/Enabled Rule MAS: Shared Acct Disabled/Enabled Rule MAS: BU Acct Disabled/Enabled Rule MAS: IT Acct Disabled/Enabled Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Disable/Enable Rule | MAS: Password Modified Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Default Acct Disabled/Enabled Inv MAS: Shared Acct Disabled/Enabled Inv MAS: BU Acct Disabled/Enabled Inv MAS: IT Acct Disabled/Enabled Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Disable/Enable Inv | MAS: Password Modified Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Default Acct Disabled/Enabled Summary MAS: Shared Acct Disabled/Enabled Summary MAS: BU Acct Disabled/Enabled Summary MAS: IT Acct Disabled/Enabled Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: Password Modified Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Default Acct Disabled/Enabled Detail MAS: Shared Acct Disabled/Enabled Detail MAS: BU Acct Disabled/Enabled Detail MAS: IT Acct Disabled/Enabled Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Disable/Enable Detail |
11.1.5: Password controls include a change of password upon first logon, minimum password length and history, password complexity as well as maximum validity period. | Augment | MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Default Acct Disabled/Enabled Rule MAS: Shared Acct Disabled/Enabled Rule MAS: BU Acct Disabled/Enabled Rule MAS: IT Acct Disabled/Enabled Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Disable/Enable Rule | MAS: Password Modified Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Default Acct Disabled/Enabled Inv MAS: Shared Acct Disabled/Enabled Inv MAS: BU Acct Disabled/Enabled Inv MAS: IT Acct Disabled/Enabled Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Disable/Enable Inv | MAS: Password Modified Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Default Acct Disabled/Enabled Summary MAS: Shared Acct Disabled/Enabled Summary MAS: BU Acct Disabled/Enabled Summary MAS: IT Acct Disabled/Enabled Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: Password Modified Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Default Acct Disabled/Enabled Detail MAS: Shared Acct Disabled/Enabled Detail MAS: BU Acct Disabled/Enabled Detail MAS: IT Acct Disabled/Enabled Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Disable/Enable Detail |
11.1.6: Access is granted for a specific purpose and for a defined period. | Augment | MAS: Priv Acct Auth Failure Rule MAS: Priv Acct Auth Success Rule MAS: Priv Acct UAM Rule MAS: Priv Acct Access Success Rule MAS: Priv Acct Access Failure Rule MAS: Priv Acct Disabled/Enabled Rule MAS: Vendor Acct Auth Failure Alert MAS: Vendor Acct Auth Success Rule MAS: Vendor Acct Access Fail Alert MAS: Vendor Acct Access Success Rule MAS: Vendor Acct Disabled/Enabled Rule MAS: Vendor Acct UAM Rule MAS: Default Acct Auth Failure Rule MAS: Default Acct Auth Success Rule MAS: Default Acct Access Failure Rule MAS: Default Acct Access Success Rule MAS: Default Acct Disabled/Enabled Rule MAS: Default Acct UAM Rule MAS: Shared Acct Auth Failure Rule MAS: Shared Acct Auth Success Rule MAS: Shared Acct Access Failure Rule MAS: Shared Acct Access Success Rule MAS: Shared Acct Disabled/Enabled Rule MAS: Shared Acct UAM Rule MAS: BU Acct Auth Failure Rule MAS: BU Acct Auth Success Rule MAS: BU Acct Access Failure Rule MAS: BU Acct Access Success Rule MAS: BU Acct Disabled/Enabled Rule MAS: BU Acct UAM Rule MAS: IT Acct Auth Failure Rule MAS: IT Acct Authentication Success Rule MAS: IT Acct Access Failure Rule MAS: IT Acct Access Success Rule MAS: IT Acct Disabled/Enabled Rule MAS: IT Acct UAM Rule MAS: Terminated User Access Activity Rule MAS: Terminated User Authentication Activity Rule MAS: HR Payroll Acct Auth Failure Rule MAS: HR Payroll Acct Auth Success Rule MAS: HR Payroll Acct Accs Failure Rule MAS: HR Payroll Acct Accs Success Rule MAS: HR Payroll Acct Disable/Enable Rule MAS: HR Payroll Acct UAM | MAS: Account Created Inv MAS: Acct Created, Used, Deleted Inv MAS: Priv Acct Auth Failure Inv MAS: Priv Acct Auth Success Inv MAS: Priv Acct UAM Inv MAS: Priv Acct Access Success Inv MAS: Priv Acct Access Failure Inv MAS: Priv Acct Disabled/Enabled Inv MAS: Vendor Acct Authentication Failure Inv MAS: Vendor Acct Authentication Success Inv MAS: Vendor Acct Access Failure Inv MAS: Vendor Acct Access Success Inv MAS: Vendor Acct Disabled/Enabled Inv MAS: Vendor Acct UAM Inv MAS: Default Acct Authentication Failure Inv MAS: Default Acct Authentication Success Inv MAS: Default Acct Access Failure Inv MAS: Default Acct Access Success Inv MAS: Default Acct Disabled/Enabled Inv MAS: Default Acct UAM Inv MAS: Shared Acct Authentication Failure Inv MAS: Shared Acct Authentication Success Inv MAS: Shared Acct Access Failure Inv MAS: Shared Acct Access Success Inv MAS: Shared Acct Disabled/Enabled Inv MAS: Shared Acct UAM Inv MAS: BU Acct Authentication Failure Inv MAS: BU Acct Authentication Success Inv MAS: BU Acct Access Failure Inv MAS: BU Acct Access Success Inv MAS: BU Acct Disabled/Enabled Inv MAS: BU Acct UAM Inv MAS: IT Acct Authentication Failure Inv MAS: IT Acct Authentication Success Inv MAS: IT Acct Access Failure Inv MAS: IT Acct Access Success Inv MAS: IT Acct Disabled/Enabled Inv MAS: IT Acct UAM Inv MAS: Terminated User Access Activity Inv MAS: Terminated User Authentication Activity Inv MAS: HR Payroll Acct Auth Failure Inv MAS: HR Payroll Acct Auth Success Inv MAS: HR Payroll Acct Accs Failure Inv MAS: HR Payroll Acct Accs Success Inv MAS: HR Payroll Acct Disable/Enable Inv MAS: HR Payroll Acct UAM Inv | MAS: Account Created Summary MAS: Acct Created, Used, Deleted Summary MAS: Usage Auditing Activity Summary MAS: Priv Acct Auth Failure Summary MAS: Priv Acct Auth Success Summary MAS: Priv Acct UAM Summary MAS: Priv Acct Access Success Summary MAS: Priv Acct Access Failure Summary MAS: Priv Acct Disabled/Enabled Summary MAS: Vendor Acct Authentication Failure Summary MAS: Vendor Acct Authentication Success Summary MAS: Vendor Acct Access Failure Summary MAS: Vendor Acct Access Success Summary MAS: Vendor Acct Disabled/Enabled Summary MAS: Vendor Acct UAM Summary MAS: Default Acct Authentication Failure Summary MAS: Default Acct Authentication Success Summary MAS: Default Acct Access Failure Summary MAS: Default Acct Access Success Summary MAS: Default Acct Disabled/Enabled Summary MAS: Default Acct UAM Summary MAS: Shared Acct Authentication Failure Summary MAS: Shared Acct Authentication Success Summary MAS: Shared Acct Access Failure Summary MAS: Shared Acct Access Success Summary MAS: Shared Acct Disabled/Enabled Summary MAS: Shared Acct UAM Summary MAS: BU Acct Authentication Failure Summary MAS: BU Acct Authentication Success Summary MAS: BU Acct Access Failure Summary MAS: BU Acct Access Success Summary MAS: BU Acct Disabled/Enabled Summary MAS: BU Acct UAM Summary MAS: IT Acct Authentication Failure Summary MAS: IT Acct Authentication Success Summary MAS: IT Acct Access Failure Summary MAS: IT Acct Access Success Summary MAS: IT Acct Disabled/Enabled Summary MAS: IT Acct UAM Summary MAS: Terminated User Access Activity Summary MAS: Terminated User Auth Activity Summary MAS: HR Payroll Acct Auth Failure Summary MAS: HR Payroll Acct Auth Success Summary MAS: HR Payroll Acct Accs Failure Summary MAS: HR Payroll Acct Accs Success Summary MAS: HR Payroll Acct Disable/Enable Summary MAS: HR Payroll Acct UAM Summary MAS: Account Created Detail MAS: Acct Created, Used, Deleted Detail MAS: Priv Acct Auth Failure Detail MAS: Priv Acct Auth Success Detail MAS: Priv Acct UAM Detail MAS: Priv Acct Access Success Detail MAS: Priv Acct Access Failure Detail MAS: Priv Acct Disabled/Enabled Detail MAS: Vendor Acct Authentication Failure Detail MAS: Vendor Acct Authentication Success Detail MAS: Vendor Acct Access Failure Detail MAS: Vendor Acct Access Success Detail MAS: Vendor Acct Disabled/Enabled Detail MAS: Vendor Acct UAM Detail MAS: Default Acct Authentication Failure Detail MAS: Default Acct Authentication Success Detail MAS: Default Acct Access Failure Detail MAS: Default Acct Access Success Detail MAS: Default Acct Disabled/Enabled Detail MAS: Default Acct UAM Detail MAS: Shared Acct Authentication Failure Detail MAS: Shared Acct Authentication Success Detail MAS: Shared Acct Access Failure Detail MAS: Shared Acct Access Success Detail MAS: Shared Acct Disabled/Enabled Detail MAS: Shared Acct UAM Detail MAS: BU Acct Authentication Failure Detail MAS: BU Acct Authentication Success Detail MAS: BU Acct Access Failure Detail MAS: BU Acct Access Success Detail MAS: BU Acct Disabled/Enabled Detail MAS: BU Acct UAM Detail MAS: IT Acct Authentication Failure Detail MAS: IT Acct Authentication Success Detail MAS: IT Acct Access Failure Detail MAS: IT Acct Access Success Detail MAS: IT Acct Disabled/Enabled Detail MAS: IT Acct UAM Detail MAS: Terminated User Access Activity Detail MAS: Terminated User Auth Activity Detail MAS: HR Payroll Acct Auth Failure Detail MAS: HR Payroll Acct Auth Success Detail MAS: HR Payroll Acct Accs Failure Detail MAS: HR Payroll Acct Accs Success Detail MAS: HR Payroll Acct Disable/Enable Detail MAS: HR Payroll Acct UAM Detail |
12.0.3: Security controls and system availability and recovery capabilities that are commensurate with the level of risk exposure, are formulated for all internet operations. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Online Banking Error Inv MAS: Online Banking Auth Success Inv MAS: Online Banking Auth Failure Inv MAS: Online Banking Access Success Inv MAS: Online Banking Access Failure Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv | MAS: Online Banking Error Summary MAS: Online Banking Auth Success Summary MAS: Online Banking Auth Failure Summary MAS: Online Banking Access Success Summary MAS: Online Banking Access Failure Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Online Banking Error Detail MAS: Online Banking Auth Success Detail MAS: Online Banking Auth Failure Detail MAS: Online Banking Access Success Detail MAS: Online Banking Access Failure Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.1.1: A security strategy is devised and measures are put in place to ensure the confidentiality, integrity and availability of data and systems. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Auth Success Inv MAS: Online Banking Auth Failure Inv MAS: Online Banking Access Success Inv MAS: Online Banking Access Failure Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv | MAS: Online Banking Auth Success Summary MAS: Online Banking Auth Failure Summary MAS: Online Banking Access Success Summary MAS: Online Banking Access Failure Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Online Banking Auth Success Detail MAS: Online Banking Auth Failure Detail MAS: Online Banking Access Success Detail MAS: Online Banking Access Failure Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.1.2: Assurance is given to customers and users of internet services that online login access and transactions are adequately protected and authenticated. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule | MAS: Online Banking Error Inv MAS: Online Banking Auth Success Inv MAS: Online Banking Auth Failure Inv MAS: Online Banking Access Success Inv MAS: Online Banking Access Failure Inv MAS: Audit Log Inv MAS: LogRhythm Silent Log Source Error Inv | MAS: Online Banking Auth Success Summary MAS: Online Banking Auth Failure Summary MAS: Online Banking Access Success Summary MAS: Online Banking Access Failure Summary MAS: Online Banking Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Audit Log Summary MAS: Online Banking Error Detail MAS: Online Banking Auth Success Detail MAS: Online Banking Auth Failure Detail MAS: Online Banking Access Success Detail MAS: Online Banking Access Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail |
| 12.1.3: Security requirements associated with internet systems are evaluated. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Error Inv MAS: Online Banking Auth Success Inv MAS: Online Banking Auth Failure Inv MAS: Online Banking Access Success Inv MAS: Online Banking Access Failure Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: FIM Critical/Error/Information Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv | MAS: Online Banking Auth Success Summary MAS: Online Banking Auth Failure Summary MAS: Online Banking Access Success Summary MAS: Online Banking Access Failure Summary MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Online Banking Error Detail MAS: Online Banking Auth Success Detail MAS: Online Banking Auth Failure Detail MAS: Online Banking Access Success Detail MAS: Online Banking Access Failure Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.1.3: Only encryption algorithms which are of well- established international standards are adopted. | Augment | N/A | MAS: Non-Encrypted Protocol Inv | MAS: Non-Encrypted Protocol Summary MAS: Non-Encrypted Protocol Detail |
12.1.4: Physical and logical access security are implemented to allow only authorised staff to access systems. | Direct | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: FIM Activity Rule MAS: Physical Access Rule MAS: Suspicious Door Access Rule | MAS: Physical Access Inv MAS: Suspicious Door Access Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: Online Banking Error Inv MAS: Online Banking Auth Success Inv MAS: Online Banking Auth Failure Inv MAS: Online Banking Access Success Inv MAS: Online Banking Access Failure Inv MAS: LogRhythm Silent Log Source Error Inv | MAS: Online Banking Auth Success Summary MAS: Online Banking Auth Failure Summary MAS: Online Banking Access Success Summary MAS: Online Banking Access Failure Summary MAS: Online Banking Error Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Physical Access Activity Summary MAS: Suspicious Door Access Summary MAS: Online Banking Error Detail MAS: Online Banking Auth Success Detail MAS: Online Banking Auth Failure Detail MAS: Online Banking Access Success Detail MAS: Online Banking Access Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Physical Access Detail MAS: Suspicious Door Access Detail MAS: Data Loss Prevention Detail |
12.1.4: Appropriate processing and transmission controls are implemented to protect the integrity of systems and data. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.1.5: Monitoring or surveillance systems are implemented so that the organisation can be alerted of any abnormal system activities, transmission errors or unusual online transactions. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail |
12.1.6: High resiliency and availability of online systems and supporting systems (such as interface systems, backend host systems and network equipment) are maintained. | Augment | MAS: Backup Activity Rule | MAS: Online Banking Error Inv MAS: Patch Failure Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Audit Log Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: FIM Critical/Error/Information Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Patch Failure Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Patch Failure Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: FIM Critical/Error/Information Detail MAS: Time Sync Error Detail |
12.1.6: Measures are put in place to plan and track capacity utilisation as well as guard against online attacks. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: LogRhythm Silent Log Source Error Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv | MAS: LogRhythm Silent Log Source Error Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: LogRhythm Silent Log Source Error Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail |
12.1.9: Measures are taken to minimise exposure to cyber attacks such as middleman attack. | Direct | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail |
12.2.3: Security measures which are similar to those of online financial and payment systems are implemented on mobile online services and payment systems. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail |
12.2.3: Appropriate measures are put in place to counteract payment card fraud via mobile devices. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule | MAS: Data Loss Prevention Inv MAS: Audit Log Inv | MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.2.4: Adequate safeguards are implemented to protect sensitive or confidential information used for mobile online services and payments. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule MAS: FIM Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail |
12.2.4: Sensitive or confidential information are encrypted to ensure the confidentiality and integrity of information in storage and transmission. | Augment | MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule | MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv | MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Audit Log Detail MAS: Data Loss Prevention Detail |
12.2.4: The processing of sensitive or confidential information is performed in a secure environment. | Augment | MAS: Online Banking Auth Success Rule MAS: Online Banking Auth Fail Rule MAS: Online Banking Accs Success Rule MAS: Online Banking Accs Fail Rule MAS: Data Loss Prevention Rule MAS: Data Exfiltration Rule MAS: Data Destruction Rule MAS: Backup Activity Rule | MAS: Online Banking Error Inv MAS: Time Sync Error Inv MAS: Backup Failure/Error Inv MAS: Backup Activity Inv MAS: Config/Policy Change Inv MAS: *NIX Hosts Configuration Change Inv MAS: Windows Hosts Configuration Change Inv MAS: Patch Applied Inv MAS: Patch Failure Inv MAS: Signature Update Inv MAS: Signature Failure Inv MAS: LogRhythm Silent Log Source Error Inv MAS: Malware Detected Inv MAS: Vulnerability Detected Inv MAS: Attack Detected Inv MAS: Rogue Access Point Inv MAS: Data Loss Prevention Inv MAS: Audit Log Inv MAS: FIM Critical/Error/Information Inv MAS: FIM Activity Rule Inv MAS: Time Sync Error Inv | MAS: Online Banking Error Summary MAS: Config/Policy Change Summary MAS: *NIX Hosts Configuration Change Summary MAS: Windows Hosts Configuration Change Summary MAS: Patch Applied Summary MAS: Patch Failure Summary MAS: Signature Update Summary MAS: Signature Failure Summary MAS: LogRhythm Silent Log Source Error Summary MAS: Log Volume by Log Source Summary MAS: Log Volume by Entity Summary MAS: Malware Detected Summary MAS: Vulnerability Detected Summary MAS: Attack Detected Summary MAS: Rogue Access Point Summary MAS: Top Attacker Summary MAS: Top Targeted Application Summary MAS: Top Targeted Host Summary MAS: Backup Failure/Error Summary MAS: Backup Activity Summary MAS: FIM Critical/Error/Information Summary MAS: FIM Activity Rule Summary MAS: Audit Log Summary MAS: Data Loss Prevention Summary MAS: Time Sync Error Summary MAS: Online Banking Error Detail MAS: Config/Policy Change Detail MAS: Windows Hosts Configuration Change Detail MAS: *NIX Hosts Configuration Change Detail MAS: Patch Applied Detail MAS: Patch Failure Detail MAS: Signature Update Detail MAS: Signature Failure Detail MAS: LogRhythm Silent Log Source Error Detail MAS: Malware Detected Detail MAS: Vulnerability Detected Detail MAS: Attack Detected Detail MAS: Rogue Access Point Detail MAS: Backup Failure/Error Detail MAS: Backup Activity Detail MAS: Audit Log Detail MAS: Data Loss Prevention Detail MAS: Time Sync Error Detail |
| 14.1.4: A follow-up process is established to track and monitor IT audit issues. | Augment | N/A | N/A | N/A |
14.1.4: An escalation process is established to notify the relevant IT and business management of key IT audit issues. | Augment | N/A | N/A | N/A |