SOX-COSO – Requirements | LogRhythm Documentation

The deliverables that demonstrate adherence to the COSO Framework principles are shown in the following table.

COSO Framework Principle	Deliverable
Control Environment Integrity	SOX COSO: File Integrity Monitoring Activity
Control Environment Operations	SOX COSO: Account Management Activity SOX COSO: Applications Accessed By User SOX COSO: Audit Exceptions Event Summary (By User) SOX COSO: Audit Exceptions Event Summary (By Impacted Host) SOX COSO: Log Volume (By Log Source) SOX COSO: Log Volume (By Log Host) SOX COSO: Log Volume (By Entity) SOX COSO: Log Volume (By Day) SOX COSO: Log Volume SOX COSO: System Critical And Error Conditions SOX COSO: System Startup And Shutdown SOX COSO: Top Applications Experiencing Errors SOX COSO: Top Hosts Experiencing Errors
Risk Assessment Managing Change	SOX COSO: Host Access Granted And Revoked SOX COSO: Policy Activity Summary SOX COSO: Terminated Account Summary SOX COSO: File Integrity Monitoring Activity SOX COSO: Account Management Activity
Control Activities Authorization and Role Management	SOX COSO: Account Management Activity SOX COSO: Host Access Granted And Revoked SOX COSO: User Object Access Summary SOX COSO: Policy Activity Summary
Control Activities Authentication	SOX COSO: Failed Host Access SOX COSO: Failed Application Access SOX COSO: Failed File Access SOX COSO: User Authentication Summary
Control Activities Verification	SOX COSO: Audit Failures by User SOX COSO: Audit Failures by Host SOX COSO: Suspicious Activity by User SOX COSO: Suspicious Activity by Host SOX COSO: Top Suspicious Users SOX COSO: Top Targeted Hosts SOX COSO: Top Targeted Applications
Control Activities Operating Performance	SOX COSO: System Critical And Error Conditions SOX COSO: Account Management Activity SOX COSO: System Startup And Shutdown
Control Activities Security of Assets	SOX COSO: Suspicious Activity by User SOX COSO: Suspicious Activity by Host SOX COSO: Top Attackers SOX COSO: Top Suspicious Users SOX COSO: Top Targeted Hosts SOX COSO: Top Targeted Applications SOX COSO: Malware Detected SOX COSO: Attacks Detected SOX COSO: Compromises Detected SOX COSO: System Security Event Summary SOX COSO: Security Event Summary (By Impacted Host) SOX COSO: Security Event Summary (By Origin Host) SOX COSO: Security Event Summary (By Impacted Application)
Information and Communication Reporting	SOX COSO: Account Management Activity SOX COSO: User Authentication Activity SOX COSO: User Object Access Activity SOX COSO: System Security Activity SOX COSO: Policy Activity
Monitoring Ongoing Monitoring	SOX COSO: File Integrity Monitoring Activity SOX COSO: Usage Auditing Activity Summary SOX COSO: Usage Auditing Event Detail (By Date) SOX COSO: Usage Auditing Event Detail (By User) SOX COSO: Usage Auditing Event List SOX COSO: Usage Auditing Logon & Logoff Events

COSO Framework Principle

Deliverable

Control Environment

Integrity

SOX COSO: File Integrity Monitoring Activity

Control Environment

Operations

SOX COSO: Account Management Activity SOX COSO: Applications Accessed By User

SOX COSO: Audit Exceptions Event Summary (By User)

SOX COSO: Audit Exceptions Event Summary (By Impacted Host) SOX COSO: Log Volume (By Log Source)

SOX COSO: Log Volume (By Log Host) SOX COSO: Log Volume (By Entity) SOX COSO: Log Volume (By Day) SOX COSO: Log Volume

SOX COSO: System Critical And Error Conditions SOX COSO: System Startup And Shutdown

SOX COSO: Top Applications Experiencing Errors SOX COSO: Top Hosts Experiencing Errors

Risk Assessment

Managing Change

SOX COSO: Host Access Granted And Revoked SOX COSO: Policy Activity Summary

SOX COSO: Terminated Account Summary SOX COSO: File Integrity Monitoring Activity SOX COSO: Account Management Activity

Control Activities

Authorization and Role Management

SOX COSO: Account Management Activity SOX COSO: Host Access Granted And Revoked SOX COSO: User Object Access Summary SOX COSO: Policy Activity Summary

Control Activities

Authentication

SOX COSO: Failed Host Access

SOX COSO: Failed Application Access SOX COSO: Failed File Access

SOX COSO: User Authentication Summary

Control Activities

Verification

SOX COSO: Audit Failures by User SOX COSO: Audit Failures by Host SOX COSO: Suspicious Activity by User SOX COSO: Suspicious Activity by Host SOX COSO: Top Suspicious Users

SOX COSO: Top Targeted Hosts

SOX COSO: Top Targeted Applications

Control Activities

Operating Performance

SOX COSO: System Critical And Error Conditions SOX COSO: Account Management Activity

SOX COSO: System Startup And Shutdown

Control Activities

Security of Assets

SOX COSO: Suspicious Activity by User SOX COSO: Suspicious Activity by Host SOX COSO: Top Attackers

SOX COSO: Top Suspicious Users SOX COSO: Top Targeted Hosts

SOX COSO: Top Targeted Applications SOX COSO: Malware Detected

SOX COSO: Attacks Detected

SOX COSO: Compromises Detected

SOX COSO: System Security Event Summary

SOX COSO: Security Event Summary (By Impacted Host) SOX COSO: Security Event Summary (By Origin Host)

SOX COSO: Security Event Summary (By Impacted Application)

Information and Communication

Reporting

SOX COSO: Account Management Activity SOX COSO: User Authentication Activity SOX COSO: User Object Access Activity SOX COSO: System Security Activity

SOX COSO: Policy Activity

Monitoring

Ongoing Monitoring

SOX COSO: File Integrity Monitoring Activity SOX COSO: Usage Auditing Activity Summary

SOX COSO: Usage Auditing Event Detail (By Date) SOX COSO: Usage Auditing Event Detail (By User) SOX COSO: Usage Auditing Event List

SOX COSO: Usage Auditing Logon & Logoff Events