UAE-NESA – Requirements
| Control ID | Control Description | Support | AIE Rules & Alarms | Investigations | Reports |
|---|---|---|---|---|---|
| M1.3.5 | The entity shall identify and properly manage the risks related to its information and information systems for business processes involving external parties. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Priv Group Access Granted Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M1.3.5.1 | The entity shall identify risks to its information and information systems and implement the appropriate controls before granting access to any external party. | Augment | CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: Priv Group Access Granted Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M1.3.5.3 | The entity shall identify and adopt proper controls to limit physical and logical access to information assets and entity information systems. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Priv Group Access Granted Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M1.3.5.4 | The entity shall monitor external party access to entity information and entity information systems. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M1.3.6 | The entity shall address all identified security requirements before giving customers access to the entity's information or assets. | Augment | CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Blacklist Location Auth<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Unknown User Account Alarm | CCF: Suspicious Users Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Applications Accessed By User Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary |
| M1.3.6.2 | The entity shall monitor any customer access and verify compliance to agreed access control policy. | Augment | CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Blacklist Location Auth<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Unknown User Account Alarm | CCF: Suspicious Users Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Applications Accessed By User Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary |
| M1.4.3 | The entity shall maintain, protect, and control documentation of its information security controls and their implementation. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Backup Information<br>CCF: Misuse<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Backup Failure Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Backup Activity Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: Backup Activity Summary |
| M1.4.3.5 | The entity shall ensure that documents are available to those who need them, are transferred, and stored in accordance with the procedures applicable to their classification. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Backup Information<br>CCF: Misuse<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Backup Failure Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Backup Activity Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: Backup Activity Summary |
| M1.4.3.7 | The entity shall ensure that documents of external origin are identified. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Backup Failure Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Backup Activity Inv<br>CCF: GeoIP Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary |
| M1.4.3.8 | The entity shall ensure that the distribution of documents is controlled. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Social Media Event<br>CCF: Misuse<br>CCF: Blacklist Location Auth<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Backup Failure Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Backup Activity Inv<br>CCF: GeoIP Inv<br>CCF: Social Media Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Social Media Summary<br>CCF: Backup Activity Summary |
| M2.4.1 | The entity shall plan and document the process for the review and update of the risk assessment and treatment: this shall include planned reviews and updates as well as ad hoc updates if significant changes occur. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Rogue Access Point Alarm<br>CCF: Suspected Wireless Attack Alarm<br>CCF: Malware Alarm<br>CCF: Vulnerability Detected Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm<br>CCF: Compromise Detected Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv<br>CCF: Rogue Access Point Inv<br>CCF: Suspected Wireless Attack Inv<br>CCF: Malware Detected Inv<br>CCF: Vulnerability Detected Inv<br>CCF: Compromises Detected Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Compromises Detected Summary<br>CCF: Rogue Access Point Summary<br>CCF: Suspected Wireless Attack Summary<br>CCF: Malware Detected Summary<br>CCF: Vulnerability Detected Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M2.4.1.2 | The entity shall monitor security incidents (see T8.3.2, T8.3.3) that might trigger the risk assessment process (see M2.2.1). | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Rogue Access Point Alarm<br>CCF: Suspected Wireless Attack Alarm<br>CCF: Malware Alarm<br>CCF: Vulnerability Detected Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm<br>CCF: Compromise Detected Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv<br>CCF: Rogue Access Point Inv<br>CCF: Suspected Wireless Attack Inv<br>CCF: Malware Detected Inv<br>CCF: Vulnerability Detected Inv<br>CCF: Compromises Detected Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Compromises Detected Summary<br>CCF: Rogue Access Point Summary<br>CCF: Suspected Wireless Attack Summary<br>CCF: Malware Detected Summary<br>CCF: Vulnerability Detected Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M4.4.3 | The entity shall remove the access rights of all stakeholders to information and information systems upon termination of their employment, contract or agreement, or adjust them upon change. | Augment | CCF: Unknown User Account Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Unknown User Account Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Unknown User Account Detail |
| M4.4.3.1 | The entity shall verify that the termination policy and procedure is followed for any termination or change of employment, contract or agreement, with particular attention to revocation of credentials/access to any information facility. | Augment | CCF: Unknown User Account Alarm | CCF: Host Access Granted And Revoked Inv<br>CCF: Unknown User Account Inv | CCF: Host Access Granted And Revoked Detail<br>CCF: Unknown User Account Detail |
| M5.2.2 | The entity shall implement the appropriate procedures to ensure compliance with legislative, regulatory, and contractual requirements on the use of material in respect to which there may be intellectual property rights and on the use of proprietary software products. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Social Media Event<br>CCF: Config Change After Attack<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Rogue Access Point Alarm<br>CCF: Suspected Wireless Attack Alarm<br>CCF: Malware Alarm<br>CCF: Vulnerability Detected Alarm<br>CCF: Backup Failure Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Critical/PRD Envir Config/Policy Change Alarm<br>CCF: Time Sync Error Alarm<br>CCF: Critical/PRD Envir Patch Failure Alarm<br>CCF: Critical/PRD Envir Signature Failure Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm<br>CCF: Compromise Detected Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv<br>CCF: Rogue Access Point Inv<br>CCF: Suspected Wireless Attack Inv<br>CCF: Malware Detected Inv<br>CCF: Vulnerability Detected Inv<br>CCF: Social Media Inv<br>CCF: Critical Environment Error Inv<br>CCF: Signature Activity Inv<br>CCF: Config/Policy Change Inv<br>CCF: Patch Applied Inv<br>CCF: Time Sync Error Inv<br>CCF: Backup Activity Inv<br>CCF: Compromises Detected Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Compromises Detected Summary<br>CCF: Rogue Access Point Summary<br>CCF: Suspected Wireless Attack Summary<br>CCF: Malware Detected Summary<br>CCF: Vulnerability Detected Summary<br>CCF: Social Media Summary<br>CCF: Critical Environment Error Summary<br>CCF: Signature Activity Summary<br>CCF: Config/Policy Change Summary<br>CCF: Patch Activity Summary<br>CCF: Time Sync Error Summary<br>CCF: Backup Activity Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M5.2.2.3 | The entity shall determine specific system requirements resulting from the identified requirements. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Social Media Event<br>CCF: Config Change After Attack<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Rogue Access Point Alarm<br>CCF: Suspected Wireless Attack Alarm<br>CCF: Malware Alarm<br>CCF: Vulnerability Detected Alarm<br>CCF: Backup Failure Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Critical/PRD Envir Config/Policy Change Alarm<br>CCF: Time Sync Error Alarm<br>CCF: Critical/PRD Envir Patch Failure Alarm<br>CCF: Critical/PRD Envir Signature Failure Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm<br>CCF: Compromise Detected Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv<br>CCF: Rogue Access Point Inv<br>CCF: Suspected Wireless Attack Inv<br>CCF: Malware Detected Inv<br>CCF: Vulnerability Detected Inv<br>CCF: Social Media Inv<br>CCF: Critical Environment Error Inv<br>CCF: Signature Activity Inv<br>CCF: Config/Policy Change Inv<br>CCF: Patch Applied Inv<br>CCF: Time Sync Error Inv<br>CCF: Backup Activity Inv<br>CCF: Compromises Detected Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Compromises Detected Summary<br>CCF: Rogue Access Point Summary<br>CCF: Suspected Wireless Attack Summary<br>CCF: Malware Detected Summary<br>CCF: Vulnerability Detected Summary<br>CCF: Social Media Summary<br>CCF: Critical Environment Error Summary<br>CCF: Signature Activity Summary<br>CCF: Config/Policy Change Summary<br>CCF: Patch Activity Summary<br>CCF: Time Sync Error Summary<br>CCF: Backup Activity Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M5.2.2.4 | The entity shall define specific controls to ensure all intellectual property right protection requirements are met. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: GeoIP General Activity<br>CCF: GeoIP Blacklisted Region Activity<br>CCF: Misuse<br>CCF: Social Media Event<br>CCF: Config Change After Attack<br>CCF: Windows RunAs Privilege Escalation<br>CCF: Linux sudo Privilege Escalation<br>CCF: Local Account Created and Used<br>CCF: Privilege Escalation After Attack<br>CCF: Blacklist Location Auth<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Rogue Access Point Alarm<br>CCF: Suspected Wireless Attack Alarm<br>CCF: Malware Alarm<br>CCF: Vulnerability Detected Alarm<br>CCF: Backup Failure Alarm<br>CCF: LogRhythm Silent Log Source Error Alarm<br>CCF: Critical/PRD Envir Config/Policy Change Alarm<br>CCF: Time Sync Error Alarm<br>CCF: Critical/PRD Envir Patch Failure Alarm<br>CCF: Critical/PRD Envir Signature Failure Alarm<br>CCF: Unknown User Account Alarm<br>CCF: Priv Group Access Granted Alarm<br>CCF: Compromise Detected Alarm | CCF: Physical Access Inv<br>CCF: Host Access Granted And Revoked Inv<br>CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: Applications Accessed By User Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Suspicious Users Inv<br>CCF: Object Access Inv<br>CCF: User Misuse Inv<br>CCF: Unknown User Account Inv<br>CCF: GeoIP Inv<br>CCF: Rogue Access Point Inv<br>CCF: Suspected Wireless Attack Inv<br>CCF: Malware Detected Inv<br>CCF: Vulnerability Detected Inv<br>CCF: Social Media Inv<br>CCF: Critical Environment Error Inv<br>CCF: Signature Activity Inv<br>CCF: Config/Policy Change Inv<br>CCF: Patch Applied Inv<br>CCF: Time Sync Error Inv<br>CCF: Backup Activity Inv<br>CCF: Compromises Detected Inv | CCF: Physical Access Summary<br>CCF: Host Access Granted And Revoked Detail<br>CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: Applications Accessed By User Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Top Suspicious Users<br>CCF: Object Access Summary<br>CCF: User Misuse Summary<br>CCF: Unknown User Account Detail<br>CCF: GeoIP Summary<br>CCF: Compromises Detected Summary<br>CCF: Rogue Access Point Summary<br>CCF: Suspected Wireless Attack Summary<br>CCF: Malware Detected Summary<br>CCF: Vulnerability Detected Summary<br>CCF: Social Media Summary<br>CCF: Critical Environment Error Summary<br>CCF: Signature Activity Summary<br>CCF: Config/Policy Change Summary<br>CCF: Patch Activity Summary<br>CCF: Time Sync Error Summary<br>CCF: Backup Activity Summary<br>CCF: User Priv Escalation (Windows) Summary<br>CCF: User Priv Escalation (SU & SUDO) Summary<br>CCF: Priv Authentication Activity Summary<br>CCF: Priv Account Management Activity Summary |
| M5.2.3 | The entity shall protect important records from loss, destruction, and falsification, in accordance with statutory, regulatory, contractual, and business requirements. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Social Media Event<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Object Access Inv<br>CCF: Social Media Inv<br>CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Object Access Summary<br>CCF: Backup Activity Summary |
| M5.2.3.2 | The entity shall determine specific system requirements resulting from the identified requirements. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Social Media Event<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Object Access Inv<br>CCF: Social Media Inv<br>CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Object Access Summary<br>CCF: Social Media Summary<br>CCF: Backup Activity Summary |
| M5.2.3.3 | The entity shall define specific controls to ensure all record protection requirements are met. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Social Media Event<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Object Access Inv<br>CCF: Social Media Inv<br>CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Object Access Summary<br>CCF: Social Media Summary<br>CCF: Backup Activity Summary |
| M5.2.3.4 | The entity shall periodically review requirements and associated controls for completeness. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Social Media Event<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Object Access Inv<br>CCF: Social Media Inv<br>CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Object Access Summary<br>CCF: Social Media Summary<br>CCF: Backup Activity Summary |
| M5.2.4 | The entity shall ensure data protection and privacy as required in relevant legislation, regulations, and, if applicable, contractual clauses. | Augment | CCF: Abnormal Amount of Data Transferred<br>CCF: FIM Information<br>CCF: Data Loss Prevention<br>CCF: FIM General Activity<br>CCF: FIM Add Activity<br>CCF: FIM Abnormal Activity<br>CCF: Social Media Event<br>CCF: Backup Information<br>CCF: Non-Encrypted Protocol Alarm<br>CCF: Early TLS/SSL Alarm<br>CCF: FIM Delete Activity Alarm<br>CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv<br>CCF: LogRhythm Data Loss Defender Log Inv<br>CCF: Object Access Inv<br>CCF: Social Media Inv<br>CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary<br>CCF: LogRhythm Data Loss Defender Log Summary<br>CCF: Object Access Summary<br>CCF: Social Media Summary<br>CCF: Backup Activity Summary |
M5.2.4.2 | The entity shall determine specific system requirements resulting from the identified requirements. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary |
M5.2.4.3 | The entity shall define specific controls to ensure all data protection and privacy requirements are met. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary |
M5.2.4.4 | The entity shall periodically review requirements and associated controls for completeness. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Social Media Event; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm | CCF: Use Of Non-Encrypted Protocols Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Social Media Inv; CCF: Backup Activity Inv | CCF: Use Of Non-Encrypted Protocols Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Social Media Summary; CCF: Backup Activity Summary |
M5.2.5 | The entity shall deter users from using information systems for unauthorized purposes. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Config/Policy Change Inv; CCF: Compromises Detected Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Config/Policy Change Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.2.5.2 | The entity shall develop the capability to monitor information systems for unauthorized use. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Config/Policy Change Inv; CCF: Compromises Detected Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Config/Policy Change Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.2.5.3 | The entity shall take corrective action to stop unauthorized use of information systems when detected. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Config/Policy Change Inv; CCF: Compromises Detected Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Config/Policy Change Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.2.6 | The entity shall use cryptographic controls in compliance with all relevant legislation, regulations, and agreements. | Augment | CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
M5.2.6.2 | The entity shall determine specific system requirements resulting from the identified requirements. | Augment | CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
M5.2.6.3 | The entity shall define specific controls to ensure all cryptographic control requirements are met. | Augment | CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
M5.2.6.4 | The entity shall periodically review requirements and associated controls for completeness. | Augment | CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
M5.3.1 | The entity's managers shall ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.3.1.2 | Managers shall develop the capability to monitor the execution of identified security procedures. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.3.1.3 | Managers shall take corrective action when issues regarding the execution of security procedures are identified. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.4.1 | The entity shall ensure that information systems are regularly checked for compliance with the UAE IA Standards. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.4.1.2 | The entity shall ensure that compliance checking is performed by, and the results are reviewed by, authorized personnel with adequate technical capabilities. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.4.1.3 | The entity shall report any issues detected during technical compliance checking to the appropriate authority for remediation. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Blacklist Location Auth; CCF: Privilege Escalation After Attack; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.5.1 | The entity shall ensure that audit requirements and activities involving checks on operational systems are carefully planned and agreed to minimize the risk of disruptions to business processes. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M5.5.1.1 | The entity shall assign responsibilities for internal audits of information system controls to an appropriate authority. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.1.2 | The entity shall define audit requirements for information system controls. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.1.3 | The entity shall outline an audit plan to meet audit requirements for information system controls. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.1.4 | The entity shall highlight measures taken to ensure audit activities minimize the risk of disruptions to business processes. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.2 | The entity shall protect access to information systems audit tools to prevent any possible misuse or compromise. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.2.1 | The entity shall identify all information systems audit tools. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Backup Information | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Malware Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Time Sync Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.2.2 | The entity shall identify the types and classification levels of information stored in information systems audit tools. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M5.5.2.3 | The entity shall define minimum security requirements for information systems audit tools commensurate to the classification levels of the information held. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M6.2.1 | The entity shall monitor and evaluate the information security performance and the effectiveness of the information security management system. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
M6.2.1.1 | The entity shall determine: A. What needs to be monitored and measured, including information security processes and controls; B. The methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; C. When the monitoring and measuring shall be performed; D. Who shall monitor and measure; E. When the results from monitoring and measurement shall be analyzed and evaluated; F. Who shall analyze and evaluate these results. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M6.2.1.2 | The entity shall document the monitoring and measurement methods and results. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M6.2.2 | The entity shall plan and conduct internal audits of the information security in place. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M6.3.1 | The entity shall correct any non-conformity with these Standards. The entity shall react to the nonconformity when it occurs, and take action to control and correct it, and to deal with the consequences. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
M6.3.1.1 | The entity shall evaluate the need for action to eliminate the causes of nonconformities, in order that it does not recur or occur elsewhere, by: A. Reviewing the nonconformity; B. Determining the causes of the nonconformity; C. Determining if similar nonconformities exist, or could potentially occur. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T1.3.3 | The entity shall handle assets in accordance with the information classification scheme adopted by the entity. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T1.3.3.1 | The entity shall develop handling procedures for processing, storing and communicating information consistent with its classification and its attached label. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T1.3.3.2 | The entity shall safeguard the information in accordance with the established procedures. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T1.4.1 | The entity shall manage the removable media in accordance with the classification scheme adopted by the entity. | Augment | CCF: Data Loss Prevention | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
T1.4.1.2 | The entity shall identify the needed protection levels in accordance with the classification scheme. | Augment | CCF: Data Loss Prevention | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
T1.4.1.3 | The entity shall inhibit the use of removable media in those information systems that do not require it. | Augment | CCF: Data Loss Prevention | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
T1.4.1.4 | The entity shall control users of removable media. | Augment | CCF: Data Loss Prevention | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
T2.2.1 | The entity shall use security perimeters (barriers such as walls, card controlled entry gates, or manned reception desks) to protect areas that contain information and information systems. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.1.2 | The entity shall define security perimeters for every classified security level to ensure the right level of protection is applied. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.1.3 | The entity shall ensure the right security countermeasures are adopted to protect areas that contain information and information systems. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.2 | The entity shall protect secure areas by appropriate entry controls to ensure that only authorized personnel are allowed access. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.2.1 | The entity shall authenticate all persons accessing secure areas. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.2.4 | The entity shall update and monitor access logs. | Augment | | CCF: Physical Access Inv | CCF: Physical Access Summary |
T2.2.4 | The entity shall design and apply physical protection against natural disasters, malicious attacks, or accidents. | Augment | CCF: Backup Information; CCF: Backup Failure Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm | CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Backup Activity Inv; CCF: Physical Access Inv | CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary |
T2.2.4.2 | The entity shall secure fallback equipment and backup media from damage caused by a natural or man-made disaster. | Augment | CCF: Backup Information; CCF: Backup Failure Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm | CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Backup Activity Inv; CCF: Physical Access Inv | CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Backup Activity Summary; CCF: Physical Access Summary |
T2.3.3 | The entity shall protect power and telecommunications cabling carrying data or supporting information services. | Augment | CCF: Data Loss Prevention; CCF: Suspected Wireless Attack Alarm; CCF: Rogue Access Point Alarm; CCF: LogRhythm Silent Log Source Error Alarm | CCF: Rogue Access Point Inv; CCF: Host Access Granted And Revoked Inv; CCF: Suspected Wireless Attack Inv; CCF: LogRhythm Data Loss Defender Log Inv | CCF: Rogue Access Point Summary; CCF: Host Access Granted And Revoked Detail; CCF: Suspected Wireless Attack Summary; CCF: LogRhythm Data Loss Defender Log Summary |
T2.3.3.3 | The entity shall scan the network on a regular basis to identify unauthorized devices connected to the network (refer to T5.4.3). | Augment | CCF: Data Loss Prevention; CCF: Suspected Wireless Attack Alarm; CCF: Rogue Access Point Alarm; CCF: LogRhythm Silent Log Source Error Alarm | CCF: Rogue Access Point Inv; CCF: Host Access Granted And Revoked Inv; CCF: Suspected Wireless Attack Inv; CCF: LogRhythm Data Loss Defender Log Inv | CCF: Rogue Access Point Summary; CCF: Host Access Granted And Revoked Detail; CCF: Suspected Wireless Attack Summary; CCF: LogRhythm Data Loss Defender Log Summary |
T3.2.3 | The entity shall control the changes to information systems. | Augment | CCF: FIM Abnormal Activity; CCF: FIM Add Activity; CCF: FIM General Activity; CCF: FIM Information; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: FIM Delete Activity Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Priv Group Access Granted Alarm | CCF: Object Access Inv; CCF: Suspicious Users Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Privileged Account Modification Inv | CCF: Object Access Summary; CCF: Top Suspicious Users; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T3.2.3.2 | The entity shall integrate specific process controls to ensure the change management process is executed correctly. | Augment | CCF: FIM Abnormal Activity; CCF: FIM Add Activity; CCF: FIM General Activity; CCF: FIM Information; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: FIM Delete Activity Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Priv Group Access Granted Alarm | CCF: Object Access Inv; CCF: Suspicious Users Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Privileged Account Modification Inv | CCF: Object Access Summary; CCF: Top Suspicious Users; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T3.2.3.3 | The entity shall define the systems to which the change management process applies. | Augment | CCF: FIM Abnormal Activity; CCF: FIM Add Activity; CCF: FIM General Activity; CCF: FIM Information; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: FIM Delete Activity Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Priv Group Access Granted Alarm | CCF: Object Access Inv; CCF: Suspicious Users Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Privileged Account Modification Inv | CCF: Object Access Summary; CCF: Top Suspicious Users; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T3.4.1 | The entity shall protect its information assets from malware. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Malware Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: GeoIP General Activity | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary |
| | | | CCF: Misuse | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Blacklist Location Auth | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Malware Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.4.1.1 | The entity shall employ anti-malware protection mechanisms for the network as well as servers, workstations, laptops and other devices connected to it. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Malware Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: GeoIP General Activity | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary |
| | | | CCF: Misuse | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Blacklist Location Auth | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Malware Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.4.1.2 | The entity shall ensure that all anti-malware protection is up to date. | Augment | CCF: Config Change After Attack | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Patch Applied Inv | CCF: Patch Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | CCF: Signature Activity Inv | CCF: Signature Activity Summary |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
T3.4.1.3 | The entity shall periodically scan all information system files as well as files downloaded from public networks. | Augment | CCF: Malware Alarm | CCF: Malware Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.4.1.5 | The entity shall scan removable media for malware every time they are connected to the information systems. | Augment | CCF: Data Loss Prevention | CCF: Malware Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Malware Alarm | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.4.1.7 | The entity shall monitor anti-malware protection tools for malware detection events; such events should be logged and a notification sent to the administrators (refer to T3.6.2). | Augment | CCF: Malware Alarm | CCF: Malware Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.5.1 | The entity shall back up copies of its information and software. | Augment | CCF: Backup Information | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Backup Failure Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
T3.5.1.2 | The entity shall establish and document clear backup procedures and system capabilities for all applicable backup requirements. | Augment | CCF: Backup Information | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Backup Failure Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
T3.6.2 | The entity shall produce and keep audit logs recording user activities, exceptions, and information security events. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.2.1 | The entity shall identify all activities to be captured in audit logs for all hardware devices, operating systems and installed applications. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.2.2 | The entity shall identify minimum information requirements for each activity to be captured. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.2.3 | The entity shall define minimum frequency requirements for reviewing audit logs. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.2.4 | The entity shall ensure audit logs are reviewed by personnel with appropriate training and skills. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.2.5 | The entity shall define minimum time requirements for maintaining audit logs. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3 | The entity shall monitor the use of information systems. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3.1 | The entity shall identify all types of system use to be monitored. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Local Account Created and Used | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Blacklist Location Auth | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Backup Information | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Rogue Access Point Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Suspected Wireless Attack Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Malware Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Vulnerability Detected Alarm | | |
| | | | CCF: Backup Failure Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3.2 | The entity shall identify minimum information gathering requirements for each monitoring activity. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3.3 | The entity shall define minimum frequency requirements for reviewing information gathered from monitoring activities. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3.4 | The entity shall ensure information gathered from monitoring activities is reviewed by personnel with appropriate training and skills. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.3.5 | The entity shall define minimum time requirements for maintaining information gathered from monitoring activities. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.4 | The entity shall protect log information against tampering and unauthorized access. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Escalation Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.4.1 | The entity shall identify the log information across all information systems that shall be protected. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Escalation Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.4.2 | The entity shall ensure log information are protected commensurate to the sensitivity of the content of the logs. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary |
| | | | CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary |
| | | | CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary |
| | | | CCF: Malware Alarm | CCF: Privileged Account Escalation Inv | CCF: Audit Log Summary |
| | | | CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Time Sync Error Alarm | | |
| | | | CCF: Critical/PRD Envir Patch Failure Alarm | | |
| | | | CCF: Critical/PRD Envir Signature Failure Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
T3.6.5 | The entity shall log system administrator and system operator activities. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.5.1 | The entity shall identify all activities to be captured in administrator and operator logs. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.5.2 | The entity shall identify minimum information requirements for each activity to be captured. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.5.3 | The entity shall define minimum frequency requirements for reviewing administrator and operator logs. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.5.4 | The entity shall ensure administrator and operator logs are reviewed by personnel with appropriate training and skills. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.5.5 | The entity shall define minimum time requirements for maintaining administrator and operator logs. | Augment | CCF: GeoIP General Activity | CCF: Audit Log Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Privileged Account Escalation Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: Misuse | CCF: Host Access Granted And Revoked Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: Social Media Event | CCF: Applications Accessed By User Inv | CCF: Top Suspicious Users |
| | | | CCF: Config Change After Attack | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Object Access Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Suspicious Users Inv | CCF: User Misuse Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Object Access Inv | CCF: Unknown User Account Detail |
| | | | CCF: Local Account Created and Used | CCF: User Misuse Inv | CCF: GeoIP Summary |
| | | | CCF: Privilege Escalation After Attack | CCF: Unknown User Account Inv | CCF: Audit Log Summary |
| | | | CCF: Blacklist Location Auth | CCF: GeoIP Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Audit Logging Stopped Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T3.6.6 | The entity shall log faults related to information processing or communication. | Augment | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Signature Activity Summary | |||
CCF: Backup Failure Alarm | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
T3.6.6.1 | The entity shall identify all faults to be captured in fault logs. | Augment | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Signature Activity Summary | |||
CCF: Backup Failure Alarm | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
T3.6.6.2 | The entity shall identify minimum information requirements for each fault to be captured. | Augment | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Signature Activity Summary | |||
CCF: Backup Failure Alarm | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
T3.6.6.3 | The entity shall define minimum frequency requirements for reviewing fault logs. | Augment | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Signature Activity Summary | |||
CCF: Backup Failure Alarm | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
T3.6.6.5 | The entity shall define minimum time requirements for maintaining fault logs. | Augment | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Signature Activity Summary | |||
CCF: Backup Failure Alarm | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | CCF: Backup Activity Inv | CCF: Backup Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
T3.6.7 | The entity shall synchronize clocks of all relevant information systems with an agreed accurate time source. | Augment | CCF: Time Sync Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary |
T3.6.7.3 | The entity shall regularly check that the clocks of all relevant information processing systems are synchronized. | Augment | CCF: Time Sync Error Alarm | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary |
T4.2.1 | The entity shall develop formal transfer procedures, and controls shall be in place to protect the exchange of information. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.1.3 | The procedures shall identify specific controls to be put in place to ensure information is adequately protected during transfer. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Authentication Activity Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.1.4 | The procedures shall identify actions to be taken when issues arise regarding the transfer of information. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.2 | The entity shall establish agreements for the exchange of information and software between the entity and external parties. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.2.4 | The entity shall monitor the exchange of information and software with external parties to ensure the requirements in the agreement are being met. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.4 | The entity shall protect information involved in electronic messaging. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.4.3 | The entity shall develop the capability to monitor electronic messaging to ensure controls are implemented and the rules are followed. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.2.4.4 | The entity shall take corrective action when information is transmitted through electronic messaging in a manner inconsistent with the established rules. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.3.1 | The entity shall protect information involved in electronic commerce passing over public networks from fraudulent activity, contract dispute, and unauthorized disclosure and modification. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.3.1.2 | The entity shall identify appropriate security measures for information passing over public networks based on the risk assessment. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.3.1.4 | The entity shall monitor e-commerce activities for on-going compliance with security requirements. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.3.3 | The entity shall protect information being made available on a publicly available system against unauthorized modification. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.3.3.3 | The entity shall monitor information being made available on publicly available systems for unauthorized modification. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary | |||
CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: Non-Encrypted Protocol Alarm | | | |||
CCF: Early TLS/SSL Alarm | | | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T4.4.1 | The entity shall ensure that connectivity to information sharing platforms is secured. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.4.1.3 | The entity shall identify specific controls needed to meet the security requirements for each information sharing platform. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.1 | The entity shall ensure that all networks are adequately managed, controlled, and protected. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.1.4 | The entity shall identify and implement specific network controls needed to mitigate the vulnerabilities identified. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.1.5 | The entity shall continually monitor the in-place controls for efficiency and effectiveness. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Privileged Account Modification Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Vulnerability Detected Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Backup Failure Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.4 | The entity shall ensure that all wireless networks are adequately secured. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP General Activity | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: Misuse | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Social Media Event | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Config Change After Attack | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Local Account Created and Used | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Privilege Escalation After Attack | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Rogue Access Point Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: Malware Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Privileged Account Modification Inv | CCF: Time Sync Error Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Time Sync Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.4.3 | The entity shall for each wireless network, identify the security controls that should be in place based on the required protection level of the information services, users, and information systems it supports. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP General Activity | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: Misuse | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Social Media Event | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Config Change After Attack | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Local Account Created and Used | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Privilege Escalation After Attack | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Rogue Access Point Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: Malware Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Privileged Account Modification Inv | CCF: Time Sync Error Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Time Sync Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T4.5.4.4 | The entity shall periodically evaluate the effectiveness of implemented segregation strategies and identify areas for improvement. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP General Activity | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: Misuse | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Social Media Event | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Config Change After Attack | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Local Account Created and Used | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Privilege Escalation After Attack | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Rogue Access Point Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: Malware Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Privileged Account Modification Inv | CCF: Time Sync Error Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Time Sync Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T5.1.1 | The entity shall establish an access control policy based on business and security requirements. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary | |||
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: LogRhythm Silent Log Source Error Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.1.1.5 | The access control policy shall provide the framework to protect information from unauthorized access and grant access to the appropriate users and mobile devices. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary | |||
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
T5.2.1 | The entity shall implement a formal user registration and de-registration procedure. | Augment | CCF: GeoIP General Activity | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Local Account Created and Used | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Blacklist Location Auth | | | |||
CCF: Unknown User Account Alarm | | | |||
T5.2.1.2 | The entity shall ensure that a separate account is created for each person requiring access, and prohibit sharing of same accounts across multiple users. | Augment | CCF: GeoIP General Activity | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Local Account Created and Used | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Blacklist Location Auth | | | |||
CCF: Unknown User Account Alarm | | | |||
T5.2.1.3 | The entity shall immediately revoke access from users who have changed roles or jobs or left the entity following the established procedure. | Augment | CCF: GeoIP General Activity | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Local Account Created and Used | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Blacklist Location Auth | | | |||
T5.2.1.4 | The entity shall periodically check and revoke access related to temporary and inactive accounts. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary | |||
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary | |||
CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary | |||
CCF: FIM Delete Activity Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.2 | The entity shall restrict and control the allocation and use of privileges. | Augment | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary |
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Local Account Created and Used | | | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.2.1 | The entity shall maintain a record of all allocated privileges. | Augment | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary |
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Local Account Created and Used | | | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.2.2 | The entity shall never grant users with domain or local administrative privileges. | Augment | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary |
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Local Account Created and Used | | | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.2.3 | The entity shall ensure that administrator accounts are used only for system administration activities (e.g. no email or web surfing). | Augment | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary |
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Local Account Created and Used | | | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.2.5 | The entity shall ensure that all administrative access are logged and audited. | Augment | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary |
CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: Local Account Created and Used | | | |||
CCF: Privilege Escalation After Attack | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
T5.2.3 | The entity shall control the allocation of user security credentials. | Augment | CCF: Password Modified by Admin | CCF: Password Modification Inv | |
CCF: Admin Password Modified | | | |||
CCF: Multiple Account Passwords Modified by Admin | | | |||
CCF: Password Modified by Another User | | | |||
CCF: Local Account Created and Used | | | |||
T5.2.3.3 | The entity shall in case of use of security credentials (i.e. passwords) change default security credentials of all systems and applications. | Augment | CCF: Password Modified by Admin | CCF: Password Modification Inv | |
CCF: Admin Password Modified | | | |||
CCF: Multiple Account Passwords Modified by Admin | | | |||
CCF: Password Modified by Another User | | | |||
CCF: Local Account Created and Used | | | |||
| T5.4.1 | The entity shall provide access to users only to the services that they have been specifically authorized to use. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Blacklist Location Auth | | CCF: Priv Account Management Activity Summary |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.1.2 | The entity shall develop a framework for managing network services and ensure that the right level of protection is provided against unauthorized access. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.2 | The entity shall use appropriate authentication methods to control access of remote users. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.2.2 | The entity shall ensure that appropriate authentication methods are used to control access by remote users. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.2.3 | The entity shall block access to a machine (either remotely or locally) for administrator-level accounts. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Local Account Created and Used | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.4 | The entity shall control access used for diagnostic and configuration purposes. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.4.3 | The entity shall enable access control mechanisms (including strong authentication) to allow access only to authorized personnel. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.4.4 | The entity shall log all remote access activities related to diagnostic and configuration. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Escalation Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Privilege Escalation After Attack | | |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.4.6 | The entity shall implement network routing controls to ensure that computer connections and information flows do not breach the access control policy of the business applications. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: GeoIP General Activity | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Social Media Event | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Blacklist Location Auth | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Audit Log Inv | CCF: Social Media Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Malware Alarm | | |
| | | | CCF: Vulnerability Detected Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
| T5.4.6.7 | The entity shall monitor communications with external systems and with key internal systems for suspicious traffic. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: GeoIP General Activity | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary |
| | | | CCF: Social Media Event | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary |
| | | | CCF: Blacklist Location Auth | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary |
| | | | CCF: Non-Encrypted Protocol Alarm | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary |
| | | | CCF: Early TLS/SSL Alarm | CCF: Social Media Inv | CCF: Vulnerability Detected Summary |
| | | | CCF: Rogue Access Point Alarm | CCF: Audit Log Inv | CCF: Social Media Summary |
| | | | CCF: Suspected Wireless Attack Alarm | CCF: Compromises Detected Inv | CCF: Audit Log Summary |
| | | | CCF: Malware Alarm | | |
| | | | CCF: Vulnerability Detected Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Audit Logging Stopped Alarm | | |
| | | | CCF: Audit Log Cleared Alarm | | |
| | | | CCF: Failed Audit Log Write Alarm | | |
| | | | CCF: Compromise Detected Alarm | | |
| T5.4.7 | The entity shall ensure wireless access is secured. | Augment | CCF: Suspected Wireless Attack Alarm | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| T5.4.7.2 | The entity shall authorize wireless access to the information system prior to allowing such connections. | Augment | CCF: Suspected Wireless Attack Alarm | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary |
| T5.5.2 | The entity shall create a unique identifier (user ID) for each user and implement a suitable authentication technique. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.5.2.3 | The entity shall ensure that all restricted activity is logged with the associated authenticated users. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
| | | | CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Top Suspicious Users |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: User Misuse Summary |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: Unknown User Account Detail |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: GeoIP Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: Social Media Summary |
| | | | CCF: Linux sudo Privilege Escalation | | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.5.3 | The entity shall implement a system for managing user credentials (i.e. passwords). | Augment | CCF: Password Modified by Admin | CCF: Password Modification Inv | |
| | | | CCF: Admin Password Modified | | |
| | | | CCF: Multiple Account Passwords Modified by Admin | | |
| | | | CCF: Password Modified by Another User | | |
| | | | CCF: Local Account Created and Used | | |
| T5.5.3.1 | The user credential management system shall automate the user credential change procedure, ensuring the authenticity of the associated user identity. | Augment | CCF: Password Modified by Admin | CCF: Password Modification Inv | |
| | | | CCF: Admin Password Modified | | |
| | | | CCF: Multiple Account Passwords Modified by Admin | | |
| | | | CCF: Password Modified by Another User | | |
| | | | CCF: Local Account Created and Used | | |
| T5.5.4 | The entity shall restrict and control the use of utility programs that might be capable of overriding system and application controls. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary |
| | | | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| T5.5.4.3 | The entity shall restrict the use of utility programs to authorized personnel only. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary |
| | | | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: Non-Encrypted Protocol Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.5.4.4 | The entity shall monitor the use of utility programs. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary |
| | | | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: Non-Encrypted Protocol Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.6.1 | The entity shall restrict access to information and application system functions in accordance with the access control policy. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary |
| | | | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: Non-Encrypted Protocol Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
| T5.6.1.1 | The entity shall ensure access to information and application system functions is restricted. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail |
| | | | CCF: FIM Information | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary |
| | | | CCF: Data Loss Prevention | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary |
| | | | CCF: FIM General Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary |
| | | | CCF: FIM Add Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users |
| | | | CCF: FIM Abnormal Activity | CCF: Object Access Inv | CCF: Object Access Summary |
| | | | CCF: GeoIP General Activity | CCF: User Misuse Inv | CCF: User Misuse Summary |
| | | | CCF: GeoIP Blacklisted Region Activity | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail |
| | | | CCF: Misuse | CCF: GeoIP Inv | CCF: GeoIP Summary |
| | | | CCF: Social Media Event | CCF: Social Media Inv | CCF: Social Media Summary |
| | | | CCF: Config Change After Attack | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary |
| | | | CCF: Windows RunAs Privilege Escalation | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary |
| | | | CCF: Linux sudo Privilege Escalation | CCF: Privileged Account Modification Inv | CCF: User Priv Escalation (Windows) Summary |
| | | | CCF: Concurrent VPN from Multiple Locations | | CCF: User Priv Escalation (SU & SUDO) Summary |
| | | | CCF: Local Account Created and Used | | CCF: Priv Authentication Activity Summary |
| | | | CCF: Privilege Escalation After Attack | | CCF: Priv Account Management Activity Summary |
| | | | CCF: Blacklist Location Auth | | |
| | | | CCF: Non-Encrypted Protocol Alarm | | |
| | | | CCF: Early TLS/SSL Alarm | | |
| | | | CCF: FIM Delete Activity Alarm | | |
| | | | CCF: LogRhythm Silent Log Source Error Alarm | | |
| | | | CCF: Critical/PRD Envir Config/Policy Change Alarm | | |
| | | | CCF: Unknown User Account Alarm | | |
| | | | CCF: Blacklisted Account Alarm | | |
| | | | CCF: Priv Group Access Granted Alarm | | |
T5.7.2 | The entity shall implement security measures to protect information accessed, processed, or stored on teleworking sites. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Concurrent VPN from Multiple Locations; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Config/Policy Change Inv; CCF: Privileged Account Modification Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Config/Policy Change Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T5.7.2.2 | The entity shall authorize the usage of teleworking in accordance with the established security measures. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Concurrent VPN from Multiple Locations; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Config/Policy Change Inv; CCF: Privileged Account Modification Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Config/Policy Change Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T6.2.2 | The entity shall monitor and review the services, reports, and records provided by the third party. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T6.2.2.3 | The entity shall ensure that information security incidents and problems identified in the reports are managed properly. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.2.1 | The entity shall develop information security requirements for new information systems or enhancements to existing information systems. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.2.1.1 | The security requirements shall be used for new information systems or enhancements to existing information systems. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.2.1.3 | The security requirements shall address all requirements for security controls identified during the risk assessment. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.2.1.4 | The security requirements shall outline how to verify that the requirements for security controls have been met. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.3.3 | The entity shall ensure authenticity and integrity of messages in applications. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.3.3.1 | The entity shall identify requirements to ensure authenticity and integrity of messages transmitted between systems and applications. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.3.3.2 | The entity shall adopt proper controls to address the identified requirements. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.5.1 | The entity shall control the installation of software on operational systems. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.5.1.4 | The entity shall have a rollback strategy. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.5.1.5 | The entity shall have an audit log of all software installations. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.5.3 | The entity shall restrict access to program source code. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.5.3.3 | The entity shall keep an audit log of all accesses. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: FIM Delete Activity Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm | CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: User Misuse Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.1 | The entity shall control the implementation of changes by the use of formal change control procedures. | Augment | CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Privilege Escalation After Attack; CCF: Backup Information; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Priv Group Access Granted Alarm | CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.1.2 | The entity shall keep a record of all changes. | Augment | CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Privilege Escalation After Attack; CCF: Backup Information; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Priv Group Access Granted Alarm | CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.2 | The entity shall review and test business critical applications after changes in the operating systems. | Augment | CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Privilege Escalation After Attack; CCF: Backup Information; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Priv Group Access Granted Alarm | CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.2.2 | The entity shall monitor operating system and application logs for any anomaly. | Augment | CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Privilege Escalation After Attack; CCF: Backup Information; CCF: FIM Delete Activity Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Priv Group Access Granted Alarm | CCF: LogRhythm Data Loss Defender Log Inv; CCF: Object Access Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv | CCF: LogRhythm Data Loss Defender Log Summary; CCF: Object Access Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.4 | The entity shall prevent opportunities for information leakage. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.4.1 | The entity shall adopt Data Leak Prevention (DLP) measures. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T7.6.4.2 | The entity shall adopt identity and access management solutions to limit access to critical data only to authorized personnel. | Augment | CCF: Abnormal Amount of Data Transferred; CCF: FIM Information; CCF: Data Loss Prevention; CCF: FIM General Activity; CCF: FIM Add Activity; CCF: FIM Abnormal Activity; CCF: GeoIP General Activity; CCF: GeoIP Blacklisted Region Activity; CCF: Misuse; CCF: Social Media Event; CCF: Config Change After Attack; CCF: Windows RunAs Privilege Escalation; CCF: Linux sudo Privilege Escalation; CCF: Local Account Created and Used; CCF: Privilege Escalation After Attack; CCF: Blacklist Location Auth; CCF: Backup Information; CCF: Non-Encrypted Protocol Alarm; CCF: Early TLS/SSL Alarm; CCF: FIM Delete Activity Alarm; CCF: Rogue Access Point Alarm; CCF: Suspected Wireless Attack Alarm; CCF: Malware Alarm; CCF: Vulnerability Detected Alarm; CCF: Backup Failure Alarm; CCF: LogRhythm Silent Log Source Error Alarm; CCF: Critical/PRD Envir Config/Policy Change Alarm; CCF: Time Sync Error Alarm; CCF: Critical/PRD Envir Patch Failure Alarm; CCF: Critical/PRD Envir Signature Failure Alarm; CCF: Audit Logging Stopped Alarm; CCF: Audit Log Cleared Alarm; CCF: Failed Audit Log Write Alarm; CCF: Unknown User Account Alarm; CCF: Blacklisted Account Alarm; CCF: Priv Group Access Granted Alarm; CCF: Compromise Detected Alarm | CCF: Physical Access Inv; CCF: Host Access Granted And Revoked Inv; CCF: Use Of Non-Encrypted Protocols Inv; CCF: Applications Accessed By User Inv; CCF: LogRhythm Data Loss Defender Log Inv; CCF: Suspicious Users Inv; CCF: Object Access Inv; CCF: User Misuse Inv; CCF: Unknown User Account Inv; CCF: GeoIP Inv; CCF: Rogue Access Point Inv; CCF: Suspected Wireless Attack Inv; CCF: Malware Detected Inv; CCF: Vulnerability Detected Inv; CCF: Social Media Inv; CCF: Critical Environment Error Inv; CCF: Signature Activity Inv; CCF: Config/Policy Change Inv; CCF: Patch Applied Inv; CCF: Time Sync Error Inv; CCF: Backup Activity Inv; CCF: Audit Log Inv; CCF: Privileged Account Modification Inv; CCF: Compromises Detected Inv | CCF: Physical Access Summary; CCF: Host Access Granted And Revoked Detail; CCF: Use Of Non-Encrypted Protocols Summary; CCF: Applications Accessed By User Summary; CCF: LogRhythm Data Loss Defender Log Summary; CCF: Top Suspicious Users; CCF: Object Access Summary; CCF: User Misuse Summary; CCF: Unknown User Account Detail; CCF: GeoIP Summary; CCF: Compromises Detected Summary; CCF: Rogue Access Point Summary; CCF: Suspected Wireless Attack Summary; CCF: Malware Detected Summary; CCF: Vulnerability Detected Summary; CCF: Social Media Summary; CCF: Critical Environment Error Summary; CCF: Signature Activity Summary; CCF: Config/Policy Change Summary; CCF: Patch Activity Summary; CCF: Time Sync Error Summary; CCF: Backup Activity Summary; CCF: Audit Log Summary; CCF: User Priv Escalation (Windows) Summary; CCF: User Priv Escalation (SU & SUDO) Summary; CCF: Priv Authentication Activity Summary; CCF: Priv Account Management Activity Summary |
T8.2.1 | The entity shall develop a plan to guide incident response activities. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.1.4 | The entity shall develop an incident response plan encompassing the required resources and capabilities to be defined. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.3 | The entity shall assess and classify information security incidents. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.3.1 | The entity shall establish an incident classification scheme in line with the incident response policy taking into account NESA’s issuances with regard to incident management. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.3.2 | The entity shall assess and identify the incidents that should be reported at the sector and national level. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.7 | The entity shall document all information security incidents. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.7.1 | The entity shall identify the relevant data to be collected before, during and after an information security incident takes place. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.7.2 | The entity shall collect and document relevant data related to all security incidents. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.7.3 | The entity shall protect the information security incident documentation. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.9 | The entity shall identify, collect, and preserve the information, which can serve as evidence. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.2.9.2 | The entity shall establish procedures for collecting evidence taking into account: chain of custody; safety of evidence; safety of the personnel; roles and responsibilities of personnel involved; competency of the personnel; documentation; briefing; other identified requirements. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.3.2 | The entity shall report information security events through appropriate management channels. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T8.3.2.3 | The entity shall establish an event communication and reporting approach to the appropriate stakeholder (including appropriate authority). | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T9.2.2 | The entity shall implement the established information security plans. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||
T9.2.2.1 | The entity shall establish information systems continuity capabilities based on the established plans. | Augment | CCF: Abnormal Amount of Data Transferred | CCF: Physical Access Inv | CCF: Physical Access Summary |
CCF: FIM Information | CCF: Host Access Granted And Revoked Inv | CCF: Host Access Granted And Revoked Detail | |||
CCF: Data Loss Prevention | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |||
CCF: FIM General Activity | CCF: Applications Accessed By User Inv | CCF: Applications Accessed By User Summary | |||
CCF: FIM Add Activity | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | |||
CCF: FIM Abnormal Activity | CCF: Suspicious Users Inv | CCF: Top Suspicious Users | |||
CCF: GeoIP General Activity | CCF: Object Access Inv | CCF: Object Access Summary | |||
CCF: GeoIP Blacklisted Region Activity | CCF: User Misuse Inv | CCF: User Misuse Summary | |||
CCF: Misuse | CCF: Unknown User Account Inv | CCF: Unknown User Account Detail | |||
CCF: Social Media Event | CCF: GeoIP Inv | CCF: GeoIP Summary | |||
CCF: Config Change After Attack | CCF: Rogue Access Point Inv | CCF: Compromises Detected Summary | |||
CCF: Windows RunAs Privilege Escalation | CCF: Suspected Wireless Attack Inv | CCF: Rogue Access Point Summary | |||
CCF: Linux sudo Privilege Escalation | CCF: Malware Detected Inv | CCF: Suspected Wireless Attack Summary | |||
CCF: Local Account Created and Used | CCF: Vulnerability Detected Inv | CCF: Malware Detected Summary | |||
CCF: Privilege Escalation After Attack | CCF: Social Media Inv | CCF: Vulnerability Detected Summary | |||
CCF: Blacklist Location Auth | CCF: Critical Environment Error Inv | CCF: Social Media Summary | |||
CCF: Backup Information | CCF: Signature Activity Inv | CCF: Critical Environment Error Summary | |||
CCF: Non-Encrypted Protocol Alarm | CCF: Config/Policy Change Inv | CCF: Signature Activity Summary | |||
CCF: Early TLS/SSL Alarm | CCF: Patch Applied Inv | CCF: Config/Policy Change Summary | |||
CCF: FIM Delete Activity Alarm | CCF: Time Sync Error Inv | CCF: Patch Activity Summary | |||
CCF: Rogue Access Point Alarm | CCF: Backup Activity Inv | CCF: Time Sync Error Summary | |||
CCF: Suspected Wireless Attack Alarm | CCF: Audit Log Inv | CCF: Backup Activity Summary | |||
CCF: Malware Alarm | CCF: Privileged Account Modification Inv | CCF: Audit Log Summary | |||
CCF: Vulnerability Detected Alarm | CCF: Compromises Detected Inv | CCF: User Priv Escalation (Windows) Summary | |||
CCF: Backup Failure Alarm | | CCF: User Priv Escalation (SU & SUDO) Summary | |||
CCF: LogRhythm Silent Log Source Error Alarm | | CCF: Priv Authentication Activity Summary | |||
CCF: Critical/PRD Envir Config/Policy Change Alarm | | CCF: Priv Account Management Activity Summary | |||
CCF: Time Sync Error Alarm | | | |||
CCF: Critical/PRD Envir Patch Failure Alarm | | | |||
CCF: Critical/PRD Envir Signature Failure Alarm | | | |||
CCF: Audit Logging Stopped Alarm | | | |||
CCF: Audit Log Cleared Alarm | | | |||
CCF: Failed Audit Log Write Alarm | | | |||
CCF: Unknown User Account Alarm | | | |||
CCF: Blacklisted Account Alarm | | | |||
CCF: Priv Group Access Granted Alarm | | | |||
CCF: Compromise Detected Alarm | | | |||