>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SM-13Security Monitoring Alert Criteria Review

>Control Description

Organization reviews security monitoring alert on an annual basis.

Theme

Process

Type

Detective

Policy/Standard

Logging & Monitoring Standard

>Implementation Guidance

1. Document Organization's Security Monitoring Standard to include requirements for security monitoring alert criteria. 2. Establish a process to ensure that the monitoring tool is configured to review the security alerts on an annual basis by the authorized personnel.

>Testing Procedure

1. Inspect Organization's Security Monitoring Standard to determine whether requirements for security monitoring alert criteria are defined. 2. For a sample of alert rules from a sample of services, inspect the monitoring tool configuration to determine that security alerts are reviewed on an annual basis by the authorized personnel.

>Audit Artifacts

E-SM-10
E-SM-11
E-SM-12

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CIS Controls
1

8.1

PCI DSS
6

10.4
10.4.1
10.4.1.1
10.4.2
10.4.2.1
10.4.3

Ask AI

Configure your API key to use AI features.