Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party.
The organization should define which actions are taken depending on the type of logging and monitoring failure. Anomalies can include software errors, failures to capture some or all logs, failure to back up audit logs, or storage-exceeded notifications. This guidance should apply to all information system logs. Organizations must implement a process for the timely detection and reporting of failures of critical security control systems, such as (but not limited to):
- Intrusion detection systems (IDS)/intrusion prevention systems (IPS)
- File integrity monitoring (FIM)
- Physical access controls
- Logical access controls
- Audit logging mechanisms
- Examine the policy for reporting of anomalies and failures of the monitoring system.
- Examine the process for identifying accountable parties.
Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.