This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results. Cette mise en œuvre automatise la production de rapports afin de vérifier la conformité aux mesures de sécurité infonuagique du GC. SPC et SCT examinent les résultats.
Other
7
stars
4
forks
source link
GR1 | Validation 5 | Contact Details for Alerts and Events Check (M) #140
ItemName: “Contact Details for Alerts and Events Check (M)”
ItemName FR: « Détails de contact pour la vérification des alertes et des événements (M) »
Description: This is a new control for the validation “Confirm that alerts to the authorized personnel have been implemented to flag misuse or suspicious activities for all user accounts”.
department would need to provide the list of authorized personnel emails or phone numbers (possibly uploaded storage account file)
Check if the department has configured Service Health Alerts to be sent by email, SMS or a Webhook (this is completed at the subscription level)
OR Check if the fields of Subscription Administrator and subscription owner have been determined for each subscription.
OR Check if Tenant Global Administrator and Subscription owner are configured to receive notifications of security issues at the tenant level.
OR Check if there is a user account that has the Security Admin Role?
OR Check if Azure monitor is using an Action Group to send email, SMS, Push Notification, webhook, ITSM Incident, Azure Function/ Logic Apps.
Comments ENG
If Compliant = “Contact information and alerts have been configured properly.”
If Non-compliant (missing file) = “Missing list of authorized personnel emails and phone numbers.”
If Non-compliant (alerts not configured) = “Alerts have not been configured to go to the identified authorized personnel.”
Comments FR
If Compliant = « L’information de contact et les alertes ont été configurées correctement. »
If Non-compliant (missing file) = « Liste manquante des courriels et des numéros de téléphone autorisés du personnel. »
If Non-compliant (alerts not configured) = « Les alertes n’ont pas été configurées pour être envoyées au personnel autorisé identifié. »
ItemName: “Contact Details for Alerts and Events Check (M)” ItemName FR: « Détails de contact pour la vérification des alertes et des événements (M) »
Description: This is a new control for the validation “Confirm that alerts to the authorized personnel have been implemented to flag misuse or suspicious activities for all user accounts”.
department would need to provide the list of authorized personnel emails or phone numbers (possibly uploaded storage account file)
Check if the department has configured Service Health Alerts to be sent by email, SMS or a Webhook (this is completed at the subscription level)
OR Check if the fields of Subscription Administrator and subscription owner have been determined for each subscription.
OR Check if Tenant Global Administrator and Subscription owner are configured to receive notifications of security issues at the tenant level.
OR Check if there is a user account that has the Security Admin Role?
OR Check if Azure monitor is using an Action Group to send email, SMS, Push Notification, webhook, ITSM Incident, Azure Function/ Logic Apps.
Comments ENG If Compliant = “Contact information and alerts have been configured properly.” If Non-compliant (missing file) = “Missing list of authorized personnel emails and phone numbers.” If Non-compliant (alerts not configured) = “Alerts have not been configured to go to the identified authorized personnel.”
Comments FR
If Compliant = « L’information de contact et les alertes ont été configurées correctement. » If Non-compliant (missing file) = « Liste manquante des courriels et des numéros de téléphone autorisés du personnel. » If Non-compliant (alerts not configured) = « Les alertes n’ont pas été configurées pour être envoyées au personnel autorisé identifié. »