
UAE-NESA – Requirements

Each control below is listed with its Control ID, Control Description, Support, and the CCF AIE Rules & Alarms, Investigations, and Reports mapped to it.

M1.3.5
Control Description: The entity shall identify and properly manage the risks related to its information and information systems for business processes involving external parties.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Priv Group Access Granted Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M1.3.5.1
Control Description: The entity shall identify risks to its information and information systems and implement the appropriate controls before granting access to any external party.
Support: Augment
AIE Rules & Alarms: CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: Priv Group Access Granted Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M1.3.5.3
Control Description: The entity shall identify and adopt proper controls to limit physical and logical access to information assets and entity information systems.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Priv Group Access Granted Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M1.3.5.4
Control Description: The entity shall monitor external party access to entity information and entity information systems.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M1.3.6
Control Description: The entity shall address all identified security requirements before giving customers access to the entity's information or assets.
Support: Augment
AIE Rules & Alarms: CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Blacklist Location Auth; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Unknown User Account Alarm
Investigations: CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary

M1.3.6.2
Control Description: The entity shall monitor any customer access and verify compliance to agreed access control policy.
Support: Augment
AIE Rules & Alarms: CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Blacklist Location Auth; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Unknown User Account Alarm
Investigations: CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Applications Accessed By User Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary

M1.4.3
Control Description: The entity shall maintain, protect, and control documentation of its information security controls and their implementation.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Backup Information; CCF: Misuse; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Backup Activity Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: Backup Activity Summary

M1.4.3.5
Control Description: The entity shall ensure that documents are available to those who need them, are transferred, and stored in accordance with the procedures applicable to their classification.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Backup Information; CCF: Misuse; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Backup Activity Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: Backup Activity Summary

M1.4.3.7
Control Description: The entity shall ensure that documents of external origin are identified.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Backup Activity Inv; CCF: GeoIP Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary

M1.4.3.8
Control Description: The entity shall ensure that the distribution of documents is controlled.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Social Media Event; CCF: Misuse; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Backup Activity Inv; CCF: GeoIP Inv; CCF: Social Media Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M2.4.1
Control Description: The entity shall plan and document the process for the review and update of the risk assessment and treatment: this shall include planned reviews and updates as well as ad hoc updates if significant changes occur.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M2.4.1.2
Control Description: The entity shall monitor security incidents (see T8.3.2, T8.3.3) that might trigger the risk assessment process (see M2.2.1).
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Compromises Detected Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M4.4.3
Control Description: The entity shall remove access rights of all stakeholders to information and information systems upon termination of their employment, contract or agreement, or adjusted upon change.
Support: Augment
AIE Rules & Alarms: CCF: Unknown User Account Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Unknown User Account Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail

M4.4.3.1
Control Description: The entity shall verify that the termination policy and procedure is followed for any termination or change of employment, contract or agreement with particular attention to revocation of credentials/access to any information facility.
Support: Augment
AIE Rules & Alarms: CCF: Unknown User Account Alarm
Investigations: CCF: Host Access Granted And Revoked Inv; CCF: Unknown User Account Inv
Reports: CCF: Host Access Granted And Revoked Detail; CCF: Unknown User Account Detail

M5.2.2
Control Description: The entity shall implement the appropriate procedures to ensure compliance with legislative, regulatory, and contractual requirements on the use of material in respect to which there may be intellectual property rights and on the use of proprietary software products.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M5.2.2.3
Control Description: The entity shall determine specific system requirements resulting from the identified requirements.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M5.2.2.4
Control Description: The entity shall define specific controls to ensure all intellectual property right protection requirements are met.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm
Investigations: CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv
Reports: CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary

M5.2.3
Control Description: The entity shall protect important records from loss, destruction, and falsification, in accordance with statutory, regulatory, contractual, and business requirements.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Backup Activity Summary

M5.2.3.2
Control Description: The entity shall determine specific system requirements resulting from the identified requirements.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.3.3
Control Description: The entity shall define specific controls to ensure all record protection requirements are met.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.3.4
Control Description: The entity shall periodically review requirements and associated controls for completeness.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.4
Control Description: The entity shall ensure data protection and privacy as required in relevant legislation, regulations, and, if applicable, contractual clauses.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.4.2
Control Description: The entity shall determine specific system requirements resulting from the identified requirements.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.4.3
Control Description: The entity shall define specific controls to ensure all data protection and privacy requirements are met.
Support: Augment
AIE Rules & Alarms: CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm
Investigations: CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv
Reports: CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary

M5.2.4.4

The entity shall periodically review requirements and associated controls for completeness.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: Social Media Event
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Backup Failure Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Social Media Inv
CCF: Backup Activity Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Social Media Summary
CCF: Backup Activity Summary

M5.2.5

The entity shall deter users from using information systems for unauthorized purposes.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Config/Policy Change Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.2.5.2

The entity shall develop the capability to monitor information systems for unauthorized use.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Config/Policy Change Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.2.5.3

The entity shall take corrective action to stop unauthorized use of information systems when detected.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Config/Policy Change Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.2.6

The entity shall use cryptographic controls in compliance with all relevant legislations, regulations, and agreements.

Support: Augment

AIE Rules & Alarms:
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary

M5.2.6.2

The entity shall determine specific system requirements resulting from the identified requirements.

Support: Augment

AIE Rules & Alarms:
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary

M5.2.6.3

The entity shall define specific controls to ensure all cryptographic control requirements are met.

Support: Augment

AIE Rules & Alarms:
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary

M5.2.6.4

The entity shall periodically review requirements and associated controls for completeness.

Support: Augment

AIE Rules & Alarms:
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary

M5.3.1

The entity's managers shall ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.3.1.2

Managers shall develop the capability to monitor the execution of identified security procedures.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.3.1.3

Managers shall take corrective action when issues regarding the execution of security procedures are identified.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.4.1

The entity shall ensure that information systems are regularly checked for compliance with the UAE IA Standards.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.4.1.2

The entity shall ensure that compliance checking is performed by, and the results are reviewed by, authorized personnel with adequate technical capabilities.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.4.1.3

The entity shall report any issues detected during technical compliance checking to the appropriate authority for remediation.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Blacklist Location Auth
CCF: Privilege Escalation After Attack
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.1

The entity shall ensure that audit requirements and activities involving checks on operational systems are carefully planned and agreed to minimize the risk of disruptions to business processes.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.1.1

The entity shall assign responsibilities for internal audits of information system controls to an appropriate authority.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.1.2
The entity shall define audit requirements for information system controls.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.1.3
The entity shall outline an audit plan to meet audit requirements for information system controls.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.1.4
The entity shall highlight measures taken to ensure audit activities minimize the risk of disruptions to business processes.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.2
The entity shall protect access to information systems audit tools to prevent any possible misuse or compromise.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.2.1
The entity shall identify all information systems audit tools.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.2.2
The entity shall identify the types and classification levels of information stored in information systems audit tools.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M5.5.2.3
The entity shall define minimum security requirements for information systems audit tools commensurate to the classification levels of the information held.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.2.1
The entity shall monitor and evaluate the information security performance and the effectiveness of the information security management system.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.2.1.1
The entity shall determine:
     A. What needs to be monitored and measured, including information security processes and controls
     B. The methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results
     C. When the monitoring and measuring shall be performed
     D. Who shall monitor and measure
     E. When the results from monitoring and measurement shall be analyzed and evaluated
     F. Who shall analyze and evaluate these results.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.2.1.2
The entity shall document the monitoring and measurement methods and results.
Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.2.2

The entity shall plan and conduct internal audits of the information security in place.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.3.1

The entity shall correct any non-conformity with these Standards. The entity shall react to the nonconformity when it occurs, and take action to control and correct it, and to deal with the consequences.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

M6.3.1.1

The entity shall evaluate the need for action to eliminate the causes of nonconformities, in order that it does not recur or occur elsewhere, by:
     A. Reviewing the nonconformity
     B. Determining the causes of the nonconformity
     C. Determining if similar nonconformities exist, or could potentially occur.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T1.3.3

The entity shall handle assets in accordance with the information classification scheme adopted by the entity.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T1.3.3.1

The entity shall develop handling procedures for processing, storing and communicating information consistent with its classification and its attached label.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T1.3.3.2

The entity shall safeguard the information in accordance with the established procedures.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T1.4.1

The entity shall manage the removable media in accordance with the classification scheme adopted by the entity.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention

Investigations:
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: LogRhythm Data Loss Defender Log Summary

T1.4.1.2

The entity shall identify the needed protection levels in accordance with the classification scheme.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention

Investigations:
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: LogRhythm Data Loss Defender Log Summary

T1.4.1.3

The entity shall inhibit the use of removable media in those information systems that do not require it.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention

Investigations:
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: LogRhythm Data Loss Defender Log Summary

T1.4.1.4

The entity shall control users of removable media.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention

Investigations:
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: LogRhythm Data Loss Defender Log Summary

T2.2.1

The entity shall use security perimeters (barriers such as walls, card controlled entry gates, or manned reception desks) to protect areas that contain information and information systems.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.1.2

The entity shall define security perimeters for every classified security level to ensure the right level of protection is applied.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.1.3

The entity shall ensure the right security countermeasures are adopted to protect areas that contain information and information systems.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.2

The entity shall protect secure areas by appropriate entry controls to ensure that only authorized personnel are allowed access.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.2.1

The entity shall authenticate all persons accessing secure areas.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.2.4

The entity shall update and monitor access logs.

Support: Augment

Investigations:
CCF: Physical Access Inv

Reports:
CCF: Physical Access Summary

T2.2.4

The entity shall design and apply physical protection against natural disasters, malicious attacks, or accidents.

Support: Augment

AIE Rules & Alarms:
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Backup Activity Inv
CCF: Physical Access Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Backup Activity Summary
CCF: Physical Access Summary

T2.2.4.2

The entity shall secure fallback equipment and backup media from damage caused by a natural or man-made disaster.

Support: Augment

AIE Rules & Alarms:
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Backup Activity Inv
CCF: Physical Access Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Backup Activity Summary
CCF: Physical Access Summary

T2.3.3

The entity shall protect power and telecommunications cabling carrying data or supporting information services.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention
CCF: Suspected Wireless Attack Alarm
CCF: Rogue Access Point Alarm
CCF: LogRhythm Silent Log Source Error Alarm

Investigations:
CCF: Rogue Access Point Inv
CCF: Host Access Granted And Revoked Inv
CCF: Suspected Wireless Attack Inv
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: Rogue Access Point Summary
CCF: Host Access Granted And Revoked Detail
CCF: Suspected Wireless Attack Summary
CCF: LogRhythm Data Loss Defender Log Summary

T2.3.3.3

The entity shall scan the network on a regular basis to identify unauthorized devices connected to the network (refer to T5.4.3).

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention
CCF: Suspected Wireless Attack Alarm
CCF: Rogue Access Point Alarm
CCF: LogRhythm Silent Log Source Error Alarm

Investigations:
CCF: Rogue Access Point Inv
CCF: Host Access Granted And Revoked Inv
CCF: Suspected Wireless Attack Inv
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: Rogue Access Point Summary
CCF: Host Access Granted And Revoked Detail
CCF: Suspected Wireless Attack Summary
CCF: LogRhythm Data Loss Defender Log Summary

T3.2.3

The entity shall control the changes to information systems.

Support: Augment

AIE Rules & Alarms:
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: FIM Delete Activity Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T3.2.3.2

The entity shall integrate specific process controls to ensure the change management process is executed correctly.

Support: Augment

AIE Rules & Alarms:
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: FIM Delete Activity Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T3.2.3.3

The entity shall define the systems to which the change management process applies.

Support: Augment

AIE Rules & Alarms:
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: FIM Delete Activity Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T3.4.1

The entity shall protect its information assets from malware.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP Blacklisted Region Activity
CCF: GeoIP General Activity
CCF: Misuse
CCF: Blacklist Location Auth
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Unknown User Account Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Compromises Detected Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: Unknown User Account Inv
CCF: User Misuse Inv

Reports:
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: Unknown User Account Detail
CCF: User Misuse Summary

T3.4.1.1

The entity shall employ anti-malware protection mechanisms for the network as well as servers, workstations, laptops and other devices connected to it.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP Blacklisted Region Activity
CCF: GeoIP General Activity
CCF: Misuse
CCF: Blacklist Location Auth
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Unknown User Account Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Compromises Detected Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: Unknown User Account Inv
CCF: User Misuse Inv

Reports:
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: Unknown User Account Detail
CCF: User Misuse Summary

T3.4.1.2

The entity shall ensure that all anti-malware protection is up-to-date.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv

Reports:
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary

T3.4.1.3

The entity shall periodically scan all information systems files as well as files downloaded from public networks.

Support: Augment

AIE Rules & Alarms:
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Compromises Detected Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Use Of Non-Encrypted Protocols Summary

T3.4.1.5

The entity shall scan removable media for malware every time they are connected to the information systems.

Support: Augment

AIE Rules & Alarms:
CCF: Data Loss Prevention
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Compromises Detected Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: LogRhythm Data Loss Defender Log Inv

Reports:
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: LogRhythm Data Loss Defender Log Summary

T3.4.1.7

The entity shall monitor anti-malware protection tools for malware detection events; these events should be logged and a notification sent to the administrators (refer to T3.6.2).

Support: Augment

AIE Rules & Alarms:
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Compromises Detected Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Use Of Non-Encrypted Protocols Inv

Reports:
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Use Of Non-Encrypted Protocols Summary

T3.5.1

The entity shall back up copies of its information and software.

Support: Augment

AIE Rules & Alarms:
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Backup Activity Summary

T3.5.1.2

The entity shall establish and document clear backup procedures and system capabilities for all applicable backup requirements.

Augment

CCF: Backup Information

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Backup Failure Alarm

CCF: Backup Activity Inv

CCF: Backup Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

T3.6.2

The entity shall produce and keep audit logs recording user activities, exceptions, and information security events.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Audit Logging Stopped Alarm

CCF: Audit Log Cleared Alarm

CCF: Failed Audit Log Write Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.2.1

The entity shall identify all activities to be captured in audit logs for all hardware devices, operating systems and installed applications.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Audit Logging Stopped Alarm

CCF: Audit Log Cleared Alarm

CCF: Failed Audit Log Write Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.2.2

The entity shall identify minimum information requirements for each activity to be captured.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.2.3

The entity shall define minimum frequency requirements for reviewing audit logs.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Audit Logging Stopped Alarm

CCF: Audit Log Cleared Alarm

CCF: Failed Audit Log Write Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.2.4

The entity shall ensure audit logs are reviewed by personnel with appropriate training and skills.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Audit Logging Stopped Alarm

CCF: Audit Log Cleared Alarm

CCF: Failed Audit Log Write Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.2.5

The entity shall define minimum time requirements for maintaining audit logs.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.3

The entity shall monitor the use of information systems.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.3.1

The entity shall identify all types of system use to be monitored.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Linux sudo Privilege Escalation

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Local Account Created and Used

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Privilege Escalation After Attack

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Blacklist Location Auth

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: Backup Information

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Early TLS/SSL Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: FIM Delete Activity Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Rogue Access Point Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Suspected Wireless Attack Alarm

CCF: Priv Authentication Activity Summary

CCF: Malware Alarm

CCF: Priv Account Management Activity Summary

CCF: Vulnerability Detected Alarm

CCF: Backup Failure Alarm

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.3.2

The entity shall identify minimum information gathering requirements for each monitoring activity.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.3.3

The entity shall define minimum frequency requirements for reviewing information gathered from monitoring activities.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

CCF: Time Sync Error Alarm

CCF: Critical/PRD Envir Patch Failure Alarm

CCF: Critical/PRD Envir Signature Failure Alarm

CCF: Unknown User Account Alarm

CCF: Priv Group Access Granted Alarm

CCF: Compromise Detected Alarm

T3.6.3.4

The entity shall ensure information gathered from monitoring activities is reviewed by personnel with appropriate training and skills.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T3.6.3.5

The entity shall define minimum time requirements for maintaining information gathered from monitoring activities.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T3.6.4

The entity shall protect log information against tampering and unauthorized access.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.4.1

The entity shall identify the log information across all information systems that shall be protected.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.4.2

The entity shall ensure log information is protected commensurate with the sensitivity of the content of the logs.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5

The entity shall log system administrator and system operator activities.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5.1

The entity shall identify all activities to be captured in administrator and operator logs.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5.2

The entity shall identify minimum information requirements for each activity to be captured.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5.3

The entity shall define minimum frequency requirements for reviewing administrator and operator logs.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5.4

The entity shall ensure administrator and operator logs are reviewed by personnel with appropriate training and skills.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.5.5

The entity shall define minimum time requirements for maintaining administrator and operator logs.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Audit Log Inv
CCF: Privileged Account Escalation Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T3.6.6

The entity shall log faults related to information processing or communication.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary

T3.6.6.1

The entity shall identify all faults to be captured in fault logs.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary

T3.6.6.2

The entity shall identify minimum information requirements for each fault to be captured.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary

T3.6.6.3

The entity shall define minimum frequency requirements for reviewing fault logs.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary

T3.6.6.5

The entity shall define minimum time requirements for maintaining fault logs.

Support: Augment

AIE Rules & Alarms:
CCF: Config Change After Attack
CCF: Backup Information
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm

Investigations:
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv

Reports:
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary

T3.6.7

The entity shall synchronize clocks of all relevant information systems with an agreed accurate time source.

Support: Augment

AIE Rules & Alarms:
CCF: Time Sync Error Alarm

Investigations:
CCF: Time Sync Error Inv

Reports:
CCF: Time Sync Error Summary

T3.6.7.3

The entity shall regularly check that the clocks of all relevant information processing systems are synchronized.

Support: Augment

AIE Rules & Alarms:
CCF: Time Sync Error Alarm

Investigations:
CCF: Time Sync Error Inv

Reports:
CCF: Time Sync Error Summary

T4.2.1

The entity shall develop formal transfer procedures, and controls should be in place to protect the exchange of information.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.1.3

The procedures shall identify specific controls to be put in place to ensure information is adequately protected during transfer.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Blacklist Location Auth
CCF: Privilege Escalation After Attack
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.1.4

The procedures shall identify actions to be taken when issues arise regarding the transfer of information.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.2

The entity shall establish agreements for the exchange of information and software between the entity and external parties.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.2.4

The entity shall monitor the exchange of information and software with external parties to ensure the requirements in the agreement are being met.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.4

The entity shall protect information involved in electronic messaging.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.4.3

The entity shall develop the capability to monitor electronic messaging to ensure controls are implemented and the rules are followed.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.2.4.4

The entity shall take corrective action when information is transmitted through electronic messaging in a manner inconsistent with the established rules.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.3.1

The entity shall protect information involved in electronic commerce passing over public networks from fraudulent activity, contract dispute, and unauthorized disclosure and modification.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.3.1.2

The entity shall identify appropriate security measures for information passing over public networks based on the risk assessment.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.3.1.4

The entity shall monitor e-commerce activities for on-going compliance with security requirements.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.3.3

The entity shall protect information being made available on a publicly available system against unauthorized modification.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.3.3.3

The entity shall monitor information being made available on publicly available systems for unauthorized modification.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:

CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Config/Policy Change Inv
CCF: Privileged Account Modification Inv

Reports:

CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Config/Policy Change Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.4.1

The entity shall ensure that connectivity to information sharing platforms should be secured.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:

CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:

CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.4.1.3

The entity shall identify specific controls needed to meet the security requirements for each information sharing platform.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:

CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:

CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.1

The entity shall ensure that all networks are adequately managed, controlled, and protected.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:

CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:

CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.1.4

The entity shall identify and implement specific network controls needed to mitigate the vulnerabilities identified.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:

CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:

CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.1.5

The entity shall continually monitor the in-place controls for efficiency and effectiveness.

Augment

AIE Rules & Alarms:

CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:

CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:

CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.4

The entity shall ensure that all wireless networks are adequately secured.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Suspicious Users Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Top Suspicious Users
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.4.3

The entity shall, for each wireless network, identify the security controls that should be in place based on the required protection level of the information services, users, and information systems it supports.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Suspicious Users Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Top Suspicious Users
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T4.5.4.4

The entity shall periodically evaluate the effectiveness of implemented segregation strategies and identify areas for improvement.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Suspicious Users Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Top Suspicious Users
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T5.1.1

The entity shall establish an access control policy based on business and security requirements.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T5.1.1.5

The access control policy shall provide the framework to protect information from unauthorized access and grant access to the appropriate users and mobile devices.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T5.2.1

The entity shall implement a formal user registration and de-registration procedure.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Unknown User Account Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
CCF: GeoIP Summary

T5.2.1.2

The entity shall ensure that a separate account is created for each person requiring access, and prohibit sharing of the same account across multiple users.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Unknown User Account Alarm

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
CCF: GeoIP Summary

T5.2.1.3

The entity shall immediately revoke access from users who have changed roles or jobs or left the entity following the established procedure.

Support: Augment

AIE Rules & Alarms:
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth

Investigations:
CCF: Host Access Granted And Revoked Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv

Reports:
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
CCF: GeoIP Summary

T5.2.1.4

The entity shall periodically check and revoke access related to temporary and inactive accounts.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T5.2.2

The entity shall restrict and control the allocation and use of privileges.

Support: Augment

AIE Rules & Alarms:
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Privileged Account Escalation Inv

Reports:
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.2.2.1

The entity shall maintain a record of all allocated privileges.

Support: Augment

AIE Rules & Alarms:
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Privileged Account Escalation Inv

Reports:
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.2.2.2

The entity shall never grant users domain or local administrative privileges.

Support: Augment

AIE Rules & Alarms:
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Privileged Account Escalation Inv

Reports:
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.2.2.3

The entity shall ensure that administrator accounts are used only for system administration activities (e.g. no email or web surfing).

Support: Augment

AIE Rules & Alarms:
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Privileged Account Escalation Inv

Reports:
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.2.2.5

The entity shall ensure that all administrative access is logged and audited.

Support: Augment

AIE Rules & Alarms:
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Privileged Account Escalation Inv

Reports:
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.2.3

The entity shall control the allocation of user security credentials.

Support: Augment

AIE Rules & Alarms:
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Local Account Created and Used

Investigations:
CCF: Password Modification Inv

T5.2.3.3

The entity shall, in case of use of security credentials (i.e. passwords), change the default security credentials of all systems and applications.

Support: Augment

AIE Rules & Alarms:
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Local Account Created and Used

Investigations:
CCF: Password Modification Inv

T5.4.1

The entity shall provide access to users only to the services that they have been specifically authorized to use.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Modification Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary

T5.4.1.2

The entity shall develop the framework for managing the network services and ensure that the right level of protection is provided against unauthorized access.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.2

The entity shall use appropriate authentication methods to control access of remote users.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Concurrent VPN from Multiple Locations
CCF: Local Account Created and Used
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.2.2

The entity shall ensure that appropriate authentication methods are used to control access by remote users.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Concurrent VPN from Multiple Locations
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.2.3

The entity shall block access to a machine (either remotely or locally) for administrator-level accounts.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.4

The entity shall control access for diagnostic and configuration purposes.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Concurrent VPN from Multiple Locations
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.4.3

The entity shall enable access control mechanisms (including strong authentication) to allow access only to authorized personnel.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Concurrent VPN from Multiple Locations
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.4.4

The entity shall log all remote access activities related to diagnostic and configuration.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Concurrent VPN from Multiple Locations
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Social Media Inv
CCF: Privileged Account Escalation Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Social Media Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary

T5.4.6

The entity shall implement network routing controls to ensure that computer connections and information flows do not breach the access control policy of the business applications.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Social Media Event
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Audit Log Summary

T5.4.6.7

The entity shall monitor communications with external systems and with key internal systems for suspicious traffic.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Social Media Event
CCF: Blacklist Location Auth
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Use Of Non-Encrypted Protocols Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Audit Log Inv
CCF: Compromises Detected Inv

Reports:
CCF: Use Of Non-Encrypted Protocols Summary
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Audit Log Summary

T5.4.7

The entity shall ensure wireless access is secured.

Augment

CCF: Suspected Wireless Attack Alarm

CCF: Suspected Wireless Attack Inv

CCF: Suspected Wireless Attack Summary

T5.4.7.2

The entity shall authorize wireless access to the information system prior to allowing such connections.

Augment

CCF: Suspected Wireless Attack Alarm

CCF: Suspected Wireless Attack Inv

CCF: Suspected Wireless Attack Summary

T5.5.2

The entity shall create a unique identifier (user ID) for each user and implement a suitable authentication technique.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: GeoIP Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: Social Media Inv

CCF: GeoIP Summary

CCF: Windows RunAs Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: Social Media Summary

CCF: Linux sudo Privilege Escalation

 

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.5.2.3

The entity shall ensure all restricted activities are logged with the associated authenticated users.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: GeoIP Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: Social Media Inv

CCF: GeoIP Summary

CCF: Windows RunAs Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: Social Media Summary

CCF: Linux sudo Privilege Escalation

 

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.5.3

The entity shall implement a system for managing user credentials (i.e. passwords).

Augment

CCF: Password Modified by Admin

CCF: Password Modification Inv

 

CCF: Admin Password Modified

CCF: Multiple Account Passwords Modified by Admin

CCF: Password Modified by Another User

CCF: Local Account Created and Used

T5.5.3.1

The user credential management system shall automate the user credential change procedure, ensuring the authenticity of the associated user identity.

Augment

CCF: Password Modified by Admin

CCF: Password Modification Inv

 

CCF: Admin Password Modified

CCF: Multiple Account Passwords Modified by Admin

CCF: Password Modified by Another User

CCF: Local Account Created and Used

T5.5.4

The entity shall restrict and control the use of utility programs that might be capable of overriding system and application controls.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

T5.5.4.3

The entity shall restrict use of utility programs only to authorized personnel.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

CCF: Early TLS/SSL Alarm

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.5.4.4

The entity shall monitor the use of utility programs.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

CCF: Early TLS/SSL Alarm

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.6.1

The entity shall restrict access to information and application system functions in accordance with the access control policy.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

CCF: Early TLS/SSL Alarm

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.6.1.1

The entity shall ensure access to information and application system functions is restricted.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

 

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

 

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

 

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

 

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

 

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

 

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

 

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

 

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

 

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

 

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

 

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

 

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

 

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

 

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

 

CCF: Blacklist Location Auth

 

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

 

CCF: Early TLS/SSL Alarm

 

 

 

CCF: FIM Delete Activity Alarm

 

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

 

CCF: Unknown User Account Alarm

 

 

 

CCF: Blacklisted Account Alarm

 

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.7.2

The entity shall implement security measures to protect information accessed, processed, or stored on teleworking sites.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

CCF: Early TLS/SSL Alarm

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T5.7.2.2

The entity shall authorize the usage of teleworking in accordance with the established security measures.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: FIM Information

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: Data Loss Prevention

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM General Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Add Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: FIM Abnormal Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP General Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: GeoIP Blacklisted Region Activity

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Misuse

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Social Media Event

CCF: Social Media Inv

CCF: Social Media Summary

CCF: Config Change After Attack

CCF: Critical Environment Error Inv

CCF: Critical Environment Error Summary

CCF: Windows RunAs Privilege Escalation

CCF: Config/Policy Change Inv

CCF: Config/Policy Change Summary

CCF: Linux sudo Privilege Escalation

CCF: Privileged Account Modification Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Concurrent VPN from Multiple Locations

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Local Account Created and Used

 

CCF: Priv Authentication Activity Summary

CCF: Privilege Escalation After Attack

 

CCF: Priv Account Management Activity Summary

CCF: Blacklist Location Auth

 

 

CCF: Non-Encrypted Protocol Alarm

 

 

CCF: Early TLS/SSL Alarm

 

 

CCF: FIM Delete Activity Alarm

 

 

CCF: LogRhythm Silent Log Source Error Alarm

 

 

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

T6.2.2

The entity shall monitor and review the services, reports, and records provided by the third party.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

 

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

 

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Time Sync Error Alarm

 

 

CCF: Critical/PRD Envir Patch Failure Alarm

 

 

CCF: Critical/PRD Envir Signature Failure Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

CCF: Compromise Detected Alarm

 

 

T6.2.2.3

The entity shall ensure that information security incidents and problems identified in the reports are managed properly.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Privileged Account Modification Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Vulnerability Detected Alarm

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: Backup Failure Alarm

 

CCF: Priv Authentication Activity Summary

CCF: LogRhythm Silent Log Source Error Alarm

 

CCF: Priv Account Management Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

 

CCF: Time Sync Error Alarm

 

 

CCF: Critical/PRD Envir Patch Failure Alarm

 

 

CCF: Critical/PRD Envir Signature Failure Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

CCF: Compromise Detected Alarm

 

 

T7.2.1

The entity shall develop information security requirements for new information systems or enhancements to existing information systems.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

 

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

 

 

CCF: Critical/PRD Envir Patch Failure Alarm

 

 

CCF: Critical/PRD Envir Signature Failure Alarm

 

 

CCF: Audit Logging Stopped Alarm

 

 

CCF: Audit Log Cleared Alarm

 

 

CCF: Failed Audit Log Write Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

CCF: Compromise Detected Alarm

 

 

T7.2.1.1

The security requirements shall be used for new information systems or enhancements to existing information systems.

Augment

CCF: Abnormal Amount of Data Transferred

CCF: Physical Access Inv

CCF: Physical Access Summary

CCF: FIM Information

CCF: Host Access Granted And Revoked Inv

CCF: Host Access Granted And Revoked Detail

CCF: Data Loss Prevention

CCF: Use Of Non-Encrypted Protocols Inv

CCF: Use Of Non-Encrypted Protocols Summary

CCF: FIM General Activity

CCF: Applications Accessed By User Inv

CCF: Applications Accessed By User Summary

CCF: FIM Add Activity

CCF: LogRhythm Data Loss Defender Log Inv

CCF: LogRhythm Data Loss Defender Log Summary

CCF: FIM Abnormal Activity

CCF: Suspicious Users Inv

CCF: Top Suspicious Users

CCF: GeoIP General Activity

CCF: Object Access Inv

CCF: Object Access Summary

CCF: GeoIP Blacklisted Region Activity

CCF: User Misuse Inv

CCF: User Misuse Summary

CCF: Misuse

CCF: Unknown User Account Inv

CCF: Unknown User Account Detail

CCF: Social Media Event

CCF: GeoIP Inv

CCF: GeoIP Summary

CCF: Config Change After Attack

CCF: Rogue Access Point Inv

CCF: Compromises Detected Summary

CCF: Windows RunAs Privilege Escalation

CCF: Suspected Wireless Attack Inv

CCF: Rogue Access Point Summary

CCF: Linux sudo Privilege Escalation

CCF: Malware Detected Inv

CCF: Suspected Wireless Attack Summary

CCF: Local Account Created and Used

CCF: Vulnerability Detected Inv

CCF: Malware Detected Summary

CCF: Privilege Escalation After Attack

CCF: Social Media Inv

CCF: Vulnerability Detected Summary

CCF: Blacklist Location Auth

CCF: Critical Environment Error Inv

CCF: Social Media Summary

CCF: Backup Information

CCF: Signature Activity Inv

CCF: Critical Environment Error Summary

CCF: Non-Encrypted Protocol Alarm

CCF: Config/Policy Change Inv

CCF: Signature Activity Summary

CCF: Early TLS/SSL Alarm

CCF: Patch Applied Inv

CCF: Config/Policy Change Summary

CCF: FIM Delete Activity Alarm

CCF: Time Sync Error Inv

CCF: Patch Activity Summary

CCF: Rogue Access Point Alarm

CCF: Backup Activity Inv

CCF: Time Sync Error Summary

CCF: Suspected Wireless Attack Alarm

CCF: Audit Log Inv

CCF: Backup Activity Summary

CCF: Malware Alarm

CCF: Privileged Account Modification Inv

CCF: Audit Log Summary

CCF: Vulnerability Detected Alarm

CCF: Compromises Detected Inv

CCF: User Priv Escalation (Windows) Summary

CCF: Backup Failure Alarm

 

CCF: User Priv Escalation (SU & SUDO) Summary

CCF: LogRhythm Silent Log Source Error Alarm

 

CCF: Priv Authentication Activity Summary

CCF: Critical/PRD Envir Config/Policy Change Alarm

 

CCF: Priv Account Management Activity Summary

CCF: Time Sync Error Alarm

 

 

CCF: Critical/PRD Envir Patch Failure Alarm

 

 

CCF: Critical/PRD Envir Signature Failure Alarm

 

 

CCF: Audit Logging Stopped Alarm

 

 

CCF: Audit Log Cleared Alarm

 

 

CCF: Failed Audit Log Write Alarm

 

 

CCF: Unknown User Account Alarm

 

 

CCF: Blacklisted Account Alarm

 

 

CCF: Priv Group Access Granted Alarm

 

 

CCF: Compromise Detected Alarm

 

 

T7.2.1.3

The security requirements shall address all requirements for security controls identified during the risk assessment.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.2.1.4

The security requirements shall outline how to verify that the requirements for security controls have been met.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.3.3

The entity shall ensure authenticity and integrity of messages in applications.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.3.3.1

The entity shall identify requirements to ensure authenticity and integrity of messages transmitted between systems and applications.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.3.3.2

The entity shall adopt proper controls to address the identified requirements.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.5.1

The entity shall control the installation of software on operational systems.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Critical/PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: Critical/PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Compromise Detected Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary


T7.5.1.4

The entity shall have a rollback strategy.

Support: Augment

AIE Rules & Alarms:
CCF: Abnormal Amount of Data Transferred
CCF: FIM Information
CCF: Data Loss Prevention
CCF: FIM General Activity
CCF: FIM Add Activity
CCF: FIM Abnormal Activity
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Misuse
CCF: Social Media Event
CCF: Config Change After Attack
CCF: Windows RunAs Privilege Escalation
CCF: Linux sudo Privilege Escalation
CCF: Local Account Created and Used
CCF: Privilege Escalation After Attack
CCF: Blacklist Location Auth
CCF: Backup Information
CCF: Non-Encrypted Protocol Alarm
CCF: Early TLS/SSL Alarm
CCF: FIM Delete Activity Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Backup Failure Alarm

Investigations:
CCF: Physical Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Applications Accessed By User Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Suspicious Users Inv
CCF: Object Access Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: Social Media Inv
CCF: Critical Environment Error Inv
CCF: Signature Activity Inv
CCF: Config/Policy Change Inv
CCF: Patch Applied Inv
CCF: Time Sync Error Inv
CCF: Backup Activity Inv
CCF: Audit Log Inv
CCF: Privileged Account Modification Inv
CCF: Compromises Detected Inv

Reports:
CCF: Physical Access Summary
CCF: Host Access Granted And Revoked Detail
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Applications Accessed By User Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Top Suspicious Users
CCF: Object Access Summary
CCF: User Misuse Summary
CCF: Unknown User Account Detail
CCF: GeoIP Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Social Media Summary
CCF: Critical Environment Error Summary
CCF: Signature Activity Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Backup Activity Summary
CCF: Audit Log Summary
CCF: User Priv Escalation (Windows) Summary