
SM-12 Security Monitoring Alert Criteria

>Control Description

Organization defines security monitoring alert criteria, how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts.

Theme: Process

Type: Detective

Policy/Standard: Logging & Monitoring Standard

>Implementation Guidance

1. Document Organization's Security Monitoring Standard to include requirements for security monitoring alert criteria.
2. Establish a process to periodically review and maintain a list of security monitoring rules.

>Testing Procedure

1. Inspect Organization's Security Monitoring Standard to determine whether requirements for security monitoring alert criteria are defined.
2. Obtain list of security monitoring rules that are defined.
3. For a sample of alert rules from a sample of services, inspect the monitoring tool configuration to determine that rules are implemented to flag events and notify authorized personnel.

>Audit Artifacts

E-SM-10
E-SM-11
E-SM-12

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
