2-11-1—2-11-1
>Control Description
Ensure that IoT devices have the ability to record cybersecurity events and to store them centrally so that they can be monitored by the Security Operations Center (SOC) in the organization, if possible, taking into consideration the following:
▪ Define the scenarios to discover potential IoT cybersecurity incidents.
▪ Record events such as user authentication, management of accounts and access rights, attempts to access sensitive data, and modifications to system resources.
▪ Monitor, review and analyze event logs and threat cases for IoT on a regular basis. If possible, implement automated systems to enable real-time monitoring of logs and threat cases.
▪ Leverage data storage services that store the log data in a remote location, instead of storing locally, so that even if the IoT software and hardware components are compromised the log data would remain secure. Implement authentication mechanisms for accessing the data storage to enable secure retrieval of the log data.
▪ In case an unauthorized change or behavior is observed in the IoT assets, alert the consumer and/or the administrator while ensuring that the device does not connect to a wider network than is necessary to enable the alerting function.
▪ Analyze potential misuse of access privileges by internal stakeholders.
▪ Examine telemetry data collected by IoT devices and services, such as usage, measurement and log data, for cybersecurity anomalies, and identify unusual circumstances in a timely manner.
▪ Establish a retention period for cybersecurity events data. The retention period should be at least 12 months from the date of recording.