Systems Monitoring


Compliance requirements primarily focus on logging of security events and security exceptions. In practice that covers identity and access events, but also availability concerns. Ultimately, a security exception is any event that interrupts normal business, and sufficient monitoring will help identify those issues. Most commonly, small companies transfer this responsibility to a managed service provider, but the organization should still define its own monitoring objectives instead of relying on canned offerings.

Each control below is listed by Category, Sub-Category, Name and Activity.

Category: Systems Monitoring
Sub-Category: Logging
Name: Audit Logging
Activity: [The organization] logs critical information system activity.

Category: Systems Monitoring
Sub-Category: Logging
Name: Secure Audit Logging
Activity: [The organization] logs critical information system activity to a secure repository. [The organization] disables administrators' ability to delete or modify enterprise audit logs; the number of administrators with access to audit logs is limited.

Category: Systems Monitoring
Sub-Category: Logging
Name: Audit Logging: Cardholder Data Environment Activity
Activity: [The organization] logs the following activity for cardholder data environments:
• individual user access to cardholder data
• administrative actions
• access to logging servers
• failed logins
• modifications to authentication mechanisms and user privileges
• initialization, stopping, or pausing of the audit logs
• creation and deletion of system-level objects
• security events
• logs of all system components that store, process, transmit, or could impact the security of cardholder data (CHD) and/or sensitive authentication data (SAD)
• logs of all critical system components
• logs of all servers and system components that perform security functions (e.g., firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, ecommerce redirection servers, etc.)

Category: Systems Monitoring
Sub-Category: Logging
Name: Audit Logging: Cardholder Data Environment Event Information
Activity: [The organization] records the following information for confirmed events in the cardholder data environment:
• user identification
• type of event
• date and time
• event success or failure indication
• origination of the event
• identification of affected data, system component, or resource
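The two cardholder-environment controls above say which activity must be logged and which six pieces of information each confirmed event must carry. A cheap way to enforce the second half is a completeness check at the point where records enter the log repository, so that a collector or application that drops the origin or the success/failure flag is noticed before an investigation needs it. The script below is an added example (not from the framework or any vendor); the field names, the event-type taxonomy and the newline-delimited JSON sample lines are all constructed for illustration.

```python
import json
from datetime import datetime

# Fields every confirmed CDE event record must carry, per the control text above.
# The key names are constructed for this example.
REQUIRED_FIELDS = {
    "user": "user identification",
    "event_type": "type of event",
    "timestamp": "date and time",
    "outcome": "event success or failure indication",
    "origin": "origination of the event",
    "target": "identification of affected data, system component, or resource",
}
VALID_OUTCOMES = {"success", "failure"}

# Event types derived from the activity list above (constructed taxonomy).
CDE_EVENT_TYPES = {
    "chd_access", "admin_action", "log_server_access", "login_failure",
    "auth_mechanism_change", "privilege_change", "audit_log_state_change",
    "system_object_create", "system_object_delete", "security_event",
}


def validate_event(record):
    """Return a list of problems with one event record; an empty list means complete."""
    problems = []
    for field, meaning in REQUIRED_FIELDS.items():
        if record.get(field) in (None, ""):
            problems.append(f"missing {field} ({meaning})")
    if "outcome" in record and record["outcome"] not in VALID_OUTCOMES:
        problems.append(f"outcome must be success/failure, got {record['outcome']!r}")
    if "timestamp" in record:
        try:
            ts = datetime.fromisoformat(str(record["timestamp"]))
            # A time without an offset cannot be correlated across systems.
            if ts.tzinfo is None:
                problems.append("timestamp has no timezone offset")
        except ValueError:
            problems.append("timestamp is not ISO 8601")
    if record.get("event_type") and record["event_type"] not in CDE_EVENT_TYPES:
        problems.append(f"unrecognised event_type {record['event_type']!r}")
    return problems


def audit_log_lines(lines):
    """Check newline-delimited JSON records; returns {line_number: [problems]}."""
    findings = {}
    for n, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings[n] = ["not a JSON record"]
            continue
        if not isinstance(record, dict):
            findings[n] = ["not a JSON object"]
            continue
        problems = validate_event(record)
        if problems:
            findings[n] = problems
    return findings


# Constructed sample lines: one complete record, one missing two fields,
# one with a naive timestamp and a free-text outcome, and one raw syslog line
# that was never converted to the structured format.
SAMPLE_LOG = [
    '{"user": "jdoe", "event_type": "chd_access", "timestamp": "2024-05-01T10:00:00+00:00", '
    '"outcome": "success", "origin": "10.0.0.5", "target": "db01:cardholder.pan"}',
    '{"user": "svc-backup", "event_type": "admin_action", "timestamp": "2024-05-01T10:05:00+00:00", '
    '"target": "logsrv01"}',
    '{"user": "root", "event_type": "audit_log_state_change", "timestamp": "2024-05-01 10:06:00", '
    '"outcome": "stopped", "origin": "console", "target": "auditd"}',
    'May  1 10:07:00 web01 sshd[1234]: Failed password for invalid user test',
]

if __name__ == "__main__":
    for line_no, problems in audit_log_lines(SAMPLE_LOG).items():
        print(f"line {line_no}: " + "; ".join(problems))
```

Run against a real collector, the useful output is not the individual findings but their rate per source: a source whose records are all missing the same field has a parser or configuration defect, which is the remediation the control is really after.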

Category: Systems Monitoring
Sub-Category: Logging
Name: Audit Logging: Service Provider Logging Requirements
Activity: [The organization] establishes unique logging and audit trails for each entity's cardholder data environment and complies with the following:
• logs are enabled for third-party applications
• logs are active by default
• logs are available for review by and communicated to the owning entity

Category: Systems Monitoring
Sub-Category: Logging
Name: Log Reconciliation: CMDB
Activity: [The organization] reconciles the established device inventory against the enterprise log repository [in accordance with the organization-defined frequency]; devices which do not forward log data are remediated.
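The reconciliation above is a set difference with a time component: every in-scope device in the inventory should have sent something to the log repository recently, and every source seen by the repository should exist in the inventory. The script below is an added example, not part of the framework; the inventory rows, the "last event received" view and the 24-hour silence threshold are constructed. It also normalises host names, because a CMDB export and a log source rarely agree on case or domain suffix, and that mismatch is the most common reason a reconciliation reports false gaps.

```python
from datetime import datetime, timedelta, timezone

# Constructed organization-defined threshold: a device that has sent nothing
# for longer than this is treated as not forwarding logs.
MAX_SILENCE = timedelta(hours=24)


def normalise(host):
    """Compare short, lower-case host names so 'DB01.corp.example' matches 'db01'."""
    return host.strip().lower().split(".")[0]


def reconcile(inventory, last_seen, now, max_silence=MAX_SILENCE):
    """Compare a CMDB inventory with the repository's last-seen times.

    Returns three lists: in-scope devices never seen, in-scope devices that have
    gone silent (with how long ago), and log sources absent from the inventory.
    """
    seen = {normalise(h): ts for h, ts in last_seen.items()}
    known = {normalise(d["hostname"]) for d in inventory}
    result = {"never_seen": [], "silent": [], "unknown_sources": []}
    for device in inventory:
        if not device["in_scope"]:
            continue  # out-of-scope devices are not required to forward logs
        name = normalise(device["hostname"])
        ts = seen.get(name)
        if ts is None:
            result["never_seen"].append(name)
        elif now - ts > max_silence:
            result["silent"].append((name, now - ts))
    # Sources the repository knows about that nobody owns are also a finding:
    # an unmanaged device, or a decommissioned one that is still talking.
    result["unknown_sources"] = sorted(set(seen) - known)
    return result


# Constructed sample data (hypothetical hosts).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"hostname": "web01", "role": "web", "in_scope": True},
    {"hostname": "DB01.corp.example", "role": "database", "in_scope": True},
    {"hostname": "fw01", "role": "firewall", "in_scope": True},
    {"hostname": "lab-test", "role": "lab", "in_scope": False},
]
LAST_SEEN = {
    "web01": NOW - timedelta(minutes=5),
    "db01": NOW - timedelta(days=3),
    "old-proxy": NOW - timedelta(minutes=1),
}


def run_sample():
    return reconcile(INVENTORY, LAST_SEEN, NOW)


if __name__ == "__main__":
    for kind, entries in run_sample().items():
        print(kind, entries)
```

The "silent" list is the one that feeds remediation tickets; the "never_seen" list usually points at a device that was inventoried but whose forwarder was never configured, and "unknown_sources" is an inventory problem rather than a logging one.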

Category: Systems Monitoring
Sub-Category: Logging
Name: Audit Log Capacity and Retention
Activity: [The organization] allocates audit record storage capacity in accordance with logging storage and retention requirements; audit logs are retained [in accordance with the organization-defined duration] with [the organization-defined duration] of data immediately available for analysis.

Category: Systems Monitoring
Sub-Category: Logging
Name: Enterprise Antivirus Logging
Activity: If applicable, [the organization's] managed enterprise antivirus deployments generate audit logs which are retained [in accordance with the organization-defined duration] with [the organization-defined duration] of data immediately available for analysis.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Security Monitoring Alert Criteria
Activity: [The organization] defines security monitoring alert criteria, how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Log-tampering Detection
Activity: [The organization] monitors and flags tampering to the audit logging and monitoring tools in the production environment.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Security Monitoring Alert Criteria: Failed Logins
Activity: [The organization] defines security monitoring alert criteria for failed login attempts on [the organization's] network.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Security Monitoring Alert Criteria: Privileged Functions
Activity: [The organization] defines security monitoring alert criteria for privileged functions executed by both authorized and unauthorized users.
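The failed-login and privileged-function controls above ask for three things to be written down: the criterion, how a match is flagged, and who receives it. The script below is an added example (not from the framework) that expresses both criteria as code so that they are testable rather than only documented: a sliding-window count of failed logins per source, and an alert on every privileged function execution whose severity depends on whether the user is on the authorized list. The thresholds, the authorized-user set, the routing addresses and the sample events are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed organization-defined criteria.
FAILED_LOGIN_THRESHOLD = 5                  # failures ...
FAILED_LOGIN_WINDOW = timedelta(minutes=5)  # ... from one source within this window
AUTHORIZED_PRIV_USERS = {"alice", "ops-admin"}

# How a flagged alert is routed: the "authorized personnel" part of the control.
ROUTING = {
    "failed_logins": "soc-tier1@example.invalid",
    "privileged_function": "soc-tier2@example.invalid",
}


def evaluate(events):
    """Apply both alert criteria to a list of events and return the alerts raised."""
    alerts = []
    windows = defaultdict(deque)  # source address -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "login_failure":
            q = windows[ev["src"]]
            q.append(ev["ts"])
            # Drop failures that have fallen out of the sliding window.
            while ev["ts"] - q[0] > FAILED_LOGIN_WINDOW:
                q.popleft()
            if len(q) >= FAILED_LOGIN_THRESHOLD:
                alerts.append({
                    "rule": "failed_logins", "severity": "medium",
                    "source": ev["src"], "count": len(q),
                    "first": q[0], "last": ev["ts"],
                    "route": ROUTING["failed_logins"],
                })
                q.clear()  # one alert per burst, not one per further failure
        elif ev["type"] == "privileged_function":
            # Both authorized and unauthorized executions are flagged; only the
            # severity (and therefore the response) differs.
            authorized = ev["user"] in AUTHORIZED_PRIV_USERS
            alerts.append({
                "rule": "privileged_function",
                "severity": "low" if authorized else "high",
                "user": ev["user"], "command": ev["command"], "host": ev["host"],
                "route": ROUTING["privileged_function"],
            })
    return alerts


# Constructed sample events: a burst of five failures from one address, two
# isolated failures from another, and two privileged commands.
T0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"type": "login_failure", "ts": T0 + timedelta(seconds=30 * i),
     "src": "203.0.113.7", "user": "alice"} for i in range(5)
] + [
    {"type": "login_failure", "ts": T0 + timedelta(minutes=1), "src": "198.51.100.2", "user": "bob"},
    {"type": "login_failure", "ts": T0 + timedelta(minutes=20), "src": "198.51.100.2", "user": "bob"},
    {"type": "privileged_function", "ts": T0 + timedelta(minutes=3), "user": "bob",
     "host": "db01", "command": "useradd svc-report"},
    {"type": "privileged_function", "ts": T0 + timedelta(minutes=4), "user": "ops-admin",
     "host": "logsrv01", "command": "systemctl restart rsyslog"},
]


def run_sample():
    return evaluate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["severity"], alert["rule"], "->", alert["route"])
```

Keeping the criteria as constants at the top of the file is deliberate: the control asks that the criteria be defined, and a reviewer can read the threshold and the authorized list directly instead of reverse-engineering them from a SIEM rule.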

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Security Monitoring Alert Criteria: Audit Log Integrity
Activity: [The organization] defines security monitoring alert criteria for changes to the integrity of audit logs.
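Alerting on "changes to the integrity of audit logs" (this control), flagging tampering with logging tools (Log-tampering Detection above) and keeping administrators from silently modifying or deleting records (Secure Audit Logging above) all need the same primitive: a way for the repository to prove that a stored record is the one it received, in the order it received it. One common construction is a keyed hash chain, where each record's HMAC covers the previous record's HMAC, so that editing, reordering or removing a record breaks every link after it. The script below is an added example, not the framework's or any product's code; the key, the records and the tamper scenarios are constructed.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Constructed key for the example. In a real deployment the key is held by the
# log repository only, so that administrators of the emitting systems cannot
# re-sign records they have altered.
REPOSITORY_KEY = b"constructed-example-key-not-for-production"


def canonical(record):
    """Serialise a record deterministically so the same content always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def link_mac(prev_mac, record, key):
    """HMAC over the predecessor's MAC and this record: the chain link."""
    return hmac.new(key, prev_mac.encode() + canonical(record), hashlib.sha256).hexdigest()


def append_record(chain, record, key=REPOSITORY_KEY):
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"seq": len(chain), "prev": prev, "record": record,
                  "mac": link_mac(prev, record, key)})
    return chain


def verify_chain(chain, key=REPOSITORY_KEY):
    """Return a list of integrity problems; an empty list means the chain is intact."""
    problems = []
    expected_prev = GENESIS
    for position, entry in enumerate(chain):
        if entry["seq"] != position:
            problems.append(f"position {position}: seq {entry['seq']} (entry missing or reordered)")
        if entry["prev"] != expected_prev:
            problems.append(f"seq {entry['seq']}: prev link does not match predecessor")
        # Recompute from the actual predecessor, not the stored prev, so a
        # record that was edited and re-linked is still caught.
        if not hmac.compare_digest(entry["mac"], link_mac(expected_prev, entry["record"], key)):
            problems.append(f"seq {entry['seq']}: record or MAC altered")
        expected_prev = entry["mac"]
    return problems


# Constructed sample records.
SAMPLE_RECORDS = [
    {"user": "alice", "event": "login", "outcome": "success", "origin": "10.0.0.5"},
    {"user": "bob", "event": "login", "outcome": "failure", "origin": "203.0.113.7"},
    {"user": "ops-admin", "event": "auditd_restart", "outcome": "success", "origin": "console"},
    {"user": "alice", "event": "chd_access", "outcome": "success", "origin": "10.0.0.5"},
]


def build_sample_chain():
    chain = []
    for rec in SAMPLE_RECORDS:
        append_record(chain, rec)
    return chain


def tamper_scenarios():
    """Verify an intact chain, one with an edited record, and one with a deleted record."""
    intact = build_sample_chain()
    modified = copy.deepcopy(intact)
    modified[1]["record"]["outcome"] = "success"   # rewrite a failed login as a success
    deleted = copy.deepcopy(intact)
    del deleted[2]                                  # remove the auditd restart
    return {"intact": verify_chain(intact),
            "modified": verify_chain(modified),
            "deleted": verify_chain(deleted)}


if __name__ == "__main__":
    for name, problems in tamper_scenarios().items():
        print(name, problems or "ok")
```

One caveat a practitioner should plan for: the chain alone cannot detect truncation of its tail, because a chain cut after any record is still internally consistent. The repository therefore also has to publish its latest MAC and record count to a system the log administrators cannot write to, at the organization-defined frequency, and the alert criterion compares the stored chain against that checkpoint as well as verifying the links.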

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Security Monitoring Alert Criteria: Cardholder System Components
Activity: [The organization] defines security monitoring alert criteria for system components that store, process, transmit, or could impact the security of cardholder data and/or sensitive authentication data.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: System Security Monitoring
Activity: Critical systems are monitored in accordance with predefined security criteria and alerts are sent to authorized personnel. Confirmed incidents are tracked to resolution.

Category: Systems Monitoring
Sub-Category: Security Monitoring
Name: Intrusion Detection Systems
Activity: [The organization] has an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) deployment(s) and ensures the following:
• signature definitions are updated including the removal of false positive signatures
• non-signature based attacks are defined
• IDS/IPS are configured to capture malicious (both signature and non-signature based) traffic
• alerts are reviewed and resolved by authorized personnel when malicious traffic is detected

Category: Systems Monitoring
Sub-Category: Availability Monitoring
Name: Availability Monitoring Alert Criteria
Activity: [The organization] defines availability monitoring alert criteria, how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts.

Category: Systems Monitoring
Sub-Category: Availability Monitoring
Name: System Availability Monitoring
Activity: Critical systems are monitored in accordance with predefined availability criteria and alerts are sent to authorized personnel.