NCSC - Reports and Reporting Packages
The Summary Reports table below includes an “NCSC CAF 4.0 Migration Mapping” column. When cloning each Knowledge Base item for CAF 4.0 implementation, add the mappings listed in that column to the corresponding Knowledge Base items in your LogRhythm deployment.
With this cloning guidance in mind, use the table below to identify the appropriate CAF 4.0 mapping recommendation for each report.
For more information on CAF 4.0 and the differences implemented with its August 2025 release, refer to the NCSC CAF front page.
Summary Reports
Reports | NCSC Controls Applicable | NCSC CAF 4.0 Migration Mapping | Data Source | Intelligent Indexing | Classification | Log Sources |
|---|---|---|---|---|---|---|
CCF: Access Failure Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Access Success Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Account Deleted Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior‑aware deletion monitoring. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Account Disabled Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior‑aware revocation monitoring. | LogMart | No | Audit | All Available Log Sources |
CCF: Account Enabled Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior‑aware account lifecycle monitoring. | Platform Manager | Yes | Audit | All Available Log Sources |
CCF: Account Modification Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior‑centric account change analytics. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Applications Accessed By User Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) to reflect behavior baselining & TI‑integrated monitoring of application usage. | Data Processor(s) | No | Operations | All Available Log Sources |
CCF: Audit Log Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Audit | All Available Log Sources |
CCF: Auth Failure Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Auth Success Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | No | Audit | All Available Log Sources |
CCF: Backup Activity Summary | B4.a.04, B5.c.01, B5.c.03, D1.b.04 | No changes. | Data Processor(s) | No | Operations | All Available Log Sources |
CCF: Compromises Detected Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C2.b (expanded) to formalise structured threat hunting on compromise chains; add C1.f (NEW) for behavior/TI context. | LogMart | Yes | Security | All Available Log Sources |
CCF: Config/Policy Change Summary | B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, B4.d.02, C1.d.03 | No changes. | LogMart | Yes | Audit | All Available Log Sources |
CCF: Critical Environment Error Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Operations | All Available Log Sources |
CCF: GeoIP Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) to incorporate user/system behavior baselines and TI into geo‑anomaly monitoring. | Platform Manager | Yes | Security | All Available Log Sources |
CCF: LogRhythm Data Loss Defender Log Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | LogMart | Yes | Operations | All Available Log Sources |
CCF: Malware Detected Summary | B4.c.03 | No changes. | Platform Manager | Yes | Security | All Available Log Sources |
CCF: Object Access Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) to reflect user/system behavior understanding for object access. | Data Processor(s) | No | Audit | All Available Log Sources |
CCF: Patch Activity Summary | B4.d.02, C1.d.03 | Add A4.b (NEW) to reflect secure software lifecycle/maintenance expectations in CAF 4.0. | Data Processor(s) | Yes | Operations | All Available Log Sources |
CCF: Physical Access Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Audit | All Available Log Sources |
CCF: Priv Account Management Activity Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.06, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Data Processor(s) | Yes | Audit | All Available Log Sources |
CCF: Priv Authentication Activity Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.06, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Audit | All Available Log Sources |
CCF: Rogue Access Point Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Security | All Available Log Sources |
CCF: Signature Activity Summary | B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, B4.d.02, C1.d.03 | No changes. | LogMart | Yes | Operations | All Available Log Sources |
CCF: Suspected Wireless Attack Summary | B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04 | No changes. | Platform Manager | Yes | Security | All Available Log Sources |
CCF: Term Account Activity Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Data Processor(s) | Yes | Audit | All Available Log Sources |
CCF: Time Sync Error Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | Yes | Operations | All Available Log Sources |
CCF: Top Suspicious Users | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior analytics; add C2.b (expanded) to reflect formal threat‑hunting on anomalous users. | Data Processor(s) | Yes | Security | All Available Log Sources |
CCF: Use Of Non-Encrypted Protocols Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | LogMart | Yes | Audit | All Available Log Sources |
CCF: User Misuse Summary | A1.a.02, A1.c.03, A2.a.01, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.c.03, C1.a.01, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | No changes. | Platform Manager | No | Security | All Available Log Sources |
CCF: User Object Access Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.03, B2.c.04, B2.c.05, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, B3.b.02, B3.c.02, B3.c.03, B3.c.04, B3.c.05, B3.d.01, B4.b.02, B4.b.03, B4.b.04, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for behavior‑aware user access analytics. | Data Processor(s) | Yes | Audit | All Available Log Sources |
CCF: User Priv Escalation (SU & SUDO) Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.06, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for privileged‑behavior baselines; add C2.b (expanded) for structured hunting on privilege escalation patterns. | Data Processor(s) | Yes | Audit | All Available Log Sources |
CCF: User Priv Escalation (Windows) Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.06, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add C1.f (NEW) for privileged‑behavior baselines; add C2.b (expanded) for structured hunting on privilege escalation patterns. | Platform Manager | Yes | Audit | All Available Log Sources |
CCF: Vulnerability Detected Summary | A1.a.02, A1.c.03, A2.a.03, A2.a.04, A2.a.08, A2.b.01, B1.a.01, B2.a.01, B2.a.02, B2.a.05, B2.a.06, B2.c.01, B2.c.02, B2.c.03, B2.c.04, B2.c.05, B2.c.06, B2.c.07, B2.c.08, B2.d.02, B2.d.03, B2.d.04, B2.d.05, C1.a.01, C1.a.04, C1.a.05, C1.a.06, C1.c.01, C1.c.02, C1.c.03, C1.c.04, C1.c.05, C1.c.06, C1.d.01, C1.d.02, C1.e.01, C1.e.03, C2.a.01, C2.a.02, C2.a.03, C2.a.04, C2.b.01, D2.a.01, D2.a.02, D2.a.03 | Add A4.b (NEW) to capture CAF 4.0’s SDLC & supplier security expectations tied to vulnerability management. | Platform Manager | Yes | Security | All Available Log Sources |
Detailed Reports
The Intelligent Indexing settings are recommendations. The default configuration is No.
Report Name | Report Description | Control Support | Data Source | Intelligent Indexing | Classification | Log Sources | Report ID |
|---|---|---|---|---|---|---|---|
CCF: Account Deleted Summary | This report provides detailed information when an account has access revoked (deleted) across any logged environments. This should align with the organization's policies regarding deleted accounts. | | Platform Manager | Yes | Audit | All Available Log Sources | 2086 |
CCF: Account Enabled Summary | This report provides detailed information when an account has access granted across any logged environments. This should align with the organization's policies regarding enabled accounts. | | Platform Manager | Yes | Audit | All Available Log Sources | 2085 |
CCF: Account Modification Summary | This report provides summary information around account modifications across all logged environments. | | Platform Manager | Yes | Audit | All Available Log Sources | 2092 |
CCF: Host Access Granted And Revoked Detail | This report details all access granted and revoked for production systems. | | Data Processor(s) | Yes | Audit | All Available Log Sources | 2065 |
CCF: Unknown User Account Detail | This report provides details of activity from unknown user accounts, based on CCF user lists. | | Data Processor(s) | Yes | Security | All Available Log Sources | 2071 |
Reporting Packages
Report Package Name | Report Package Description | Report Package ID |
|---|---|---|
CCF: Daily IT Operations Reporting Package | This reporting package is a template to deliver pertinent content for IT Operations on a daily basis. | 89 |
CCF: Daily IT Security Reporting Package | This reporting package is a template to deliver pertinent content for IT Security on a daily basis. | 90 |
CCF: Executive Reporting Package | This reporting package is a template to deliver pertinent content for Executives on a monthly basis. | 87 |
CCF: Weekly Audit Reporting Package | This reporting package is a template to deliver pertinent content for Internal and/or External Audit groups on a weekly basis. | 88 |