compliance controls are associated with this Policy definition 'Conduct a full text analysis of logged privileged commands' (8eea8c14-4d93-63a3-0c82-000343ee5204)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
AC-6(9) |
FedRAMP_High_R4_AC-6(9) |
FedRAMP High AC-6 (9) |
Access Control |
Auditing Use Of Privileged Functions |
Shared |
n/a |
The information system audits the execution of privileged functions.
Supplemental Guidance: Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT). Related control: AU-2. |
link |
6 |
| FedRAMP_Moderate_R4 |
AC-6(9) |
FedRAMP_Moderate_R4_AC-6(9) |
FedRAMP Moderate AC-6 (9) |
Access Control |
Auditing Use Of Privileged Functions |
Shared |
n/a |
The information system audits the execution of privileged functions.
Supplemental Guidance: Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT). Related control: AU-2. |
link |
6 |
| hipaa |
1151.01c3System.1-01.c |
hipaa-1151.01c3System.1-01.c |
1151.01c3System.1-01.c |
11 Access Control |
1151.01c3System.1-01.c 01.02 Authorized Access to Information Systems |
Shared |
n/a |
The organization limits authorization to privileged accounts on information systems to a pre-defined subset of users. |
|
7 |
| hipaa |
1152.01c3System.2-01.c |
hipaa-1152.01c3System.2-01.c |
1152.01c3System.2-01.c |
11 Access Control |
1152.01c3System.2-01.c 01.02 Authorized Access to Information Systems |
Shared |
n/a |
The organization audits the execution of privileged functions on information systems and ensures information systems prevent non-privileged users from executing privileged functions. |
|
9 |
| hipaa |
1214.09ab2System.3456-09.ab |
hipaa-1214.09ab2System.3456-09.ab |
1214.09ab2System.3456-09.ab |
12 Audit Logging & Monitoring |
1214.09ab2System.3456-09.ab 09.10 Monitoring |
Shared |
n/a |
Monitoring includes privileged operations, authorized access or unauthorized access attempts, including attempts to access deactivated accounts, and system alerts or failures. |
|
9 |
| hipaa |
1232.09c3Organizational.12-09.c |
hipaa-1232.09c3Organizational.12-09.c |
1232.09c3Organizational.12-09.c |
12 Audit Logging & Monitoring |
1232.09c3Organizational.12-09.c 09.01 Documented Operating Procedures |
Shared |
n/a |
Access for individuals responsible for administering access controls is limited to the minimum necessary based upon each user's role and responsibilities and these individuals cannot access audit functions related to these controls. |
|
21 |
| hipaa |
1270.09ad1System.12-09.ad |
hipaa-1270.09ad1System.12-09.ad |
1270.09ad1System.12-09.ad |
12 Audit Logging & Monitoring |
1270.09ad1System.12-09.ad 09.10 Monitoring |
Shared |
n/a |
The organization ensures proper logging is enabled in order to audit administrator activities; and reviews system administrator and operator logs on a regular basis. |
|
18 |
| hipaa |
1276.09c2Organizational.2-09.c |
hipaa-1276.09c2Organizational.2-09.c |
1276.09c2Organizational.2-09.c |
12 Audit Logging & Monitoring |
1276.09c2Organizational.2-09.c 09.01 Documented Operating Procedures |
Shared |
n/a |
Security audit activities are independent. |
|
18 |
| hipaa |
1451.05iCSPOrganizational.2-05.i |
hipaa-1451.05iCSPOrganizational.2-05.i |
1451.05iCSPOrganizational.2-05.i |
14 Third Party Assurance |
1451.05iCSPOrganizational.2-05.i 05.02 External Parties |
Shared |
n/a |
Cloud service providers design and implement controls to mitigate and contain data security risks through proper separation of duties, role-based access, and least-privilege access for all personnel within their supply chain. |
|
21 |
| ISO27001-2013 |
A.12.4.1 |
ISO27001-2013_A.12.4.1 |
ISO 27001:2013 A.12.4.1 |
Operations Security |
Event Logging |
Shared |
n/a |
Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. |
link |
53 |
| ISO27001-2013 |
A.12.4.3 |
ISO27001-2013_A.12.4.3 |
ISO 27001:2013 A.12.4.3 |
Operations Security |
Administrator and operator logs |
Shared |
n/a |
System administrator and system operator activities shall be logged and the logs protected and regularly reviewed. |
link |
29 |
| NIST_SP_800-171_R2_3 |
.1.7 |
NIST_SP_800-171_R2_3.1.7 |
NIST SP 800-171 R2 3.1.7 |
Access Control |
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or administering cryptographic key management activities. Non-privileged users are individuals that do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from non-privileged users. Note that this requirement represents a condition to be achieved by the definition of authorized privileges in 3.1.2. Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Logging the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat. |
link |
6 |
| NIST_SP_800-53_R4 |
AC-6(9) |
NIST_SP_800-53_R4_AC-6(9) |
NIST SP 800-53 Rev. 4 AC-6 (9) |
Access Control |
Auditing Use Of Privileged Functions |
Shared |
n/a |
The information system audits the execution of privileged functions.
Supplemental Guidance: Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT). Related control: AU-2. |
link |
6 |
| NIST_SP_800-53_R5 |
AC-6(9) |
NIST_SP_800-53_R5_AC-6(9) |
NIST SP 800-53 Rev. 5 AC-6 (9) |
Access Control |
Log Use of Privileged Functions |
Shared |
n/a |
Log the execution of privileged functions. |
link |
6 |
|
op.exp.8 Recording of the activity |
op.exp.8 Recording of the activity |
404 not found |
|
|
|
n/a |
n/a |
|
67 |
| PCI_DSS_v4.0 |
10.2.1.2 |
PCI_DSS_v4.0_10.2.1.2 |
PCI DSS v4.0 10.2.1.2 |
Requirement 10: Log and Monitor All Access to System Components and Cardholder Data |
Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events |
Shared |
n/a |
Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts. |
link |
7 |
| PCI_DSS_v4.0 |
10.2.1.3 |
PCI_DSS_v4.0_10.2.1.3 |
PCI DSS v4.0 10.2.1.3 |
Requirement 10: Log and Monitor All Access to System Components and Cardholder Data |
Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events |
Shared |
n/a |
Audit logs capture all access to audit logs. |
link |
8 |
| PCI_DSS_v4.0 |
10.2.1.5 |
PCI_DSS_v4.0_10.2.1.5 |
PCI DSS v4.0 10.2.1.5 |
Requirement 10: Log and Monitor All Access to System Components and Cardholder Data |
Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events |
Shared |
n/a |
Audit logs capture all changes to identification and authentication credentials including, but not limited to:
• Creation of new accounts.
• Elevation of privileges.
• All changes, additions, or deletions to accounts with administrative access. |
link |
13 |
| PCI_DSS_v4.0 |
10.2.1.6 |
PCI_DSS_v4.0_10.2.1.6 |
PCI DSS v4.0 10.2.1.6 |
Requirement 10: Log and Monitor All Access to System Components and Cardholder Data |
Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events |
Shared |
n/a |
Audit logs capture the following:
• All initialization of new audit logs, and
• All starting, stopping, or pausing of the existing audit logs. |
link |
8 |
| PCI_DSS_v4.0 |
10.6.3 |
PCI_DSS_v4.0_10.6.3 |
PCI DSS v4.0 10.6.3 |
Requirement 10: Log and Monitor All Access to System Components and Cardholder Data |
Time-synchronization mechanisms support consistent time settings across all systems |
Shared |
n/a |
Time synchronization settings and data are protected as follows:
• Access to time data is restricted to only personnel with a business need.
• Any changes to time settings on critical systems are logged, monitored, and reviewed. |
link |
10 |