compliance controls are associated with this Policy definition 'Resource logs in Azure Kubernetes Service should be enabled' (245fc9df-fa96-4414-9a0b-3738c2f7341c)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| Azure_Security_Benchmark_v3.0 | LT-3 | Azure_Security_Benchmark_v3.0_LT-3 | Microsoft cloud security benchmark LT-3 | Logging and Threat Detection | Enable logging for security investigation | Shared | **Security Principle:**<br>Enable logging for your cloud resources to meet the requirements for security incident investigations and security response and compliance purposes.<br>**Azure Guidance:**<br>Enable logging capability for resources at the different tiers, such as logs for Azure resources, operating systems and applications inside your VMs, and other log types.<br>Be mindful of the different types of security, audit, and other operation logs at the management/control plane and data plane tiers. There are three types of logs available on the Azure platform:<br>- Azure resource log: Logging of operations that are performed within an Azure resource (the data plane). For example, getting a secret from a key vault or making a request to a database. The content of resource logs varies by the Azure service and resource type.<br>- Azure activity log: Logging of operations on each Azure resource at the subscription layer, from the outside (the management plane). You can use the Activity Log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. There is a single Activity log for each Azure subscription.<br>- Microsoft Entra logs: Logs of the history of sign-in activity and the audit trail of changes made in Microsoft Entra ID for a particular tenant.<br>You can also use Microsoft Defender for Cloud and Azure Policy to enable resource logs and log data collection on Azure resources.<br>**Implementation and additional context:**<br>Understand logging and different log types in Azure: https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview<br>Understand Microsoft Defender for Cloud data collection: https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection<br>Enable and configure antimalware monitoring: https://docs.microsoft.com/azure/security/fundamentals/antimalware#enable-and-configure-antimalware-monitoring-using-powershell-cmdlets<br>Operating systems and application logs inside your compute resources: https://docs.microsoft.com/azure/azure-monitor/agents/data-sources#operating-system-guest | n/a | link | 16 |
| New_Zealand_ISM | 23.5.11.C.01 | New_Zealand_ISM_23.5.11.C.01 | New_Zealand_ISM_23.5.11.C.01 | 23. Public Cloud Security | 23.5.11.C.01 Logging requirements | | n/a | Agencies MUST ensure that logs associated with public cloud services are collected, protected, and that their integrity can be confirmed in accordance with the agency’s documented logging requirements. | | 19 |
| NL_BIO_Cloud_Theme | U.15.1(2) | NL_BIO_Cloud_Theme_U.15.1(2) | NL_BIO_Cloud_Theme_U.15.1(2) | U.15 Logging and monitoring | Events Logged | | n/a | The malware protection is carried out on various environments, such as on mail servers, (desktop) computers and when accessing the organization's network. The scan for malware includes: all files received over networks or through any form of storage medium, even before use; all attachments and downloads even before use; virtual machines; network traffic. | | 46 |
| NZ_ISM_v3.5 | AC-18 | NZ_ISM_v3.5_AC-18 | NZISM Security Benchmark AC-18 | Access Control and Passwords | 16.6.9 Events to be logged | Customer | n/a | The events to be logged are key elements in the monitoring of the security posture of systems and contributing to reviews, audits, investigations and incident management. | link | 17 |
| | op.exp.8 Recording of the activity | op.exp.8 Recording of the activity | 404 not found | | | | n/a | n/a | | 67 |
| | U.15.1 - Events logged | U.15.1 - Events logged | 404 not found | | | | n/a | n/a | | 40 |