>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SM-28Privileged Session Monitoring

>Control Description

Organization monitors trusted data environments for unauthorized logical access connections.

Theme

Process

Type

Detective

Policy/Standard

Logging & Monitoring Standard

>Implementation Guidance

1. Ensure that Organization's Security Monitoring standard includes the requirements for session monitoring. 2. Configure monitoring tool to ensure least privileged principle is followed. 3. Ensure that the organization monitors trusted data environments for unauthorized logical access connections.

>Testing Procedure

1. Inspect Organization's Security Monitoring standard to determine whether the requirements for session monitoring are defined. 2. Inspect configurations of monitoring tool to ensure least privileged principle is followed. 3. Inspect evidence of the Organization monitoring trusted data environments for unauthorized logical access connections.

>Audit Artifacts

E-SM-10
E-SM-14
E-SM-21

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

PCI DSS
4

11.5
11.5.1
11.5.1.1
11.5.2

Ask AI

Configure your API key to use AI features.