ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR1 | Validation 4 | User Account GC Event Logging Check (M) #144

Open MathesonSho opened 2 months ago

MathesonSho commented 2 months ago

ItemName ENG: “User Account GC Event Logging Check (M)”
ItemName FR (translated): “GC User Account Event Logging Check (M)”

Description: This is considered a combined control of the existing Health/Security Monitoring control in GR 11 v1.0; however, it has been simplified. The check needs to touch on the following three concepts: 1. Logs are enabled, 2. Logs are parsed/reviewed, and 3. Logs are protected. Essentially determining if the appropriate logs have been enabled, they are being sent somewhere and they are being retained appropriately. If all three are complete then the client will be compliant with this control.

Details:

1. Logs are enabled (Monitoring of Information System). Check that user activity logs and resource logs are being sent to a Log Analytics workspace. The Log Analytics workspace ID is given in the config.json.
   - Check if the following logs (ALL logs) are being collected into a LAW:
     - AuditLogs
     - SignInLogs
     - NonInteractiveUserSignInLogs
     - ServicePrincipalSignInLogs
     - ManagedIdentitySignInLogs
     - ProvisioningLogs
     - ADFSSignInLogs
     - RiskyUsers
     - UserRiskEvents
     - NetworkAccessTrafficLogs
     - RiskyServicePrincipals
     - ServicePrincipalRiskEvents
     - EnrichedOffice365AuditLogs
     - MicrosoftGraphActivityLogs
     - RemoteNetworkHealthLogs
   - OR check if, at a minimum, the following are collected:
     - AuditLogs
     - SignInLogs
     - MicrosoftGraphActivityLogs

2. Logs are being parsed/reviewed (Deploying Monitoring Devices).
   - Check if the department is using “Azure Monitor Logs”, specifically a Log Analytics workspace.

3. Logs/monitoring tools are protected. No unauthorized access, no modification of logs, and no deletion (follow retention requirements).
   - Check the retention dates of the identified LAW (should match what the department input in the config.json).
   - Check if locks are in place to prevent accidental deletion or unauthorized changes of the identified LAW, i.e., the Read-only lock.

Comments in ENG:
- If Compliant: Logs are collected, stored and retained to meet this control’s requirements.
- If Non-Compliant (Logs Issue): Not all of the required logs are being collected.
- If Non-Compliant (LAW Issue): The LAW identified does not match the config.json file.
- If Non-Compliant (Retention Issue): The LAW identified does not meet data retention requirements.

Comments in FR (translated):
- If Compliant: Logs are collected, stored and retained to meet the requirements of this control.
- If Non-Compliant (Logs Issue): Not all of the required logs are collected.
- If Non-Compliant (LAW Issue): The identified “LAW” does not match the config.json file.
- If Non-Compliant (Retention Issue): The identified “LAW” does not meet the data retention requirements.
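The three checks described in this issue, as an added example in Az PowerShell (not code from the azure-guardrails-solution-accelerator repository). It assumes config.json stores the LAW as its full ARM resource ID plus a retention in days, that `Connect-AzAccount` has already been run with read access to the tenant and the workspace, and it accepts any management lock on the workspace (the issue names the Read-only lock as the example); the function name and the output shape are mine.

```powershell
# Added example, not code from the azure-guardrails-solution-accelerator repository.
# Assumes: Az.Accounts, Az.Resources and Az.OperationalInsights are installed and
# Connect-AzAccount has been run with read access to the tenant and the workspace.
# Assumption: config.json stores the LAW as its full ARM resource ID and the retention in days.
$AllCategories = @('AuditLogs','SignInLogs','NonInteractiveUserSignInLogs',
  'ServicePrincipalSignInLogs','ManagedIdentitySignInLogs','ProvisioningLogs','ADFSSignInLogs',
  'RiskyUsers','UserRiskEvents','NetworkAccessTrafficLogs','RiskyServicePrincipals',
  'ServicePrincipalRiskEvents','EnrichedOffice365AuditLogs','MicrosoftGraphActivityLogs',
  'RemoteNetworkHealthLogs')
$MinimumCategories = @('AuditLogs','SignInLogs','MicrosoftGraphActivityLogs')
function Test-GcUserAccountEventLogging {   # hypothetical name, not a repository function
    param(
        [Parameter(Mandatory)][string]$WorkspaceResourceId,  # LAW resource ID from config.json
        [Parameter(Mandatory)][int]$RequiredRetentionDays    # retention (days) from config.json
    )
    $result = [ordered]@{ Compliant = $false; Comment = ''; MissingOptional = @() }
    # 1. Logs are enabled. Entra ID diagnostic settings are tenant-level, not resource-scoped,
    #    so Get-AzDiagnosticSetting does not apply; read them through the ARM REST path.
    $resp = Invoke-AzRestMethod -Method GET `
        -Path '/providers/microsoft.aadiam/diagnosticSettings?api-version=2017-04-01-preview'
    $settings = @(($resp.Content | ConvertFrom-Json).value)
    $toLaw = @($settings | Where-Object { $_.properties.workspaceId -eq $WorkspaceResourceId })
    $enabled = @($toLaw | ForEach-Object { $_.properties.logs } |
        Where-Object { $_.enabled } | ForEach-Object { $_.category })
    $missingMin = @($MinimumCategories | Where-Object { $enabled -notcontains $_ })
    if ($missingMin.Count -gt 0) {
        $result.Comment = "Not all of the required logs are being collected: $($missingMin -join ', ')"
        return [pscustomobject]$result
    }
    $result.MissingOptional = @($AllCategories | Where-Object { $enabled -notcontains $_ })
    # 2. Logs are parsed/reviewed: the identified resource must be a Log Analytics workspace.
    $law = Get-AzResource -ResourceId $WorkspaceResourceId -ErrorAction SilentlyContinue
    if (-not $law -or $law.ResourceType -ne 'Microsoft.OperationalInsights/workspaces') {
        $result.Comment = 'The LAW identified does not match the config.json file.'
        return [pscustomobject]$result
    }
    # 3. Logs are protected: retention meets config.json and a lock guards the workspace.
    $ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $law.ResourceGroupName -Name $law.Name
    $locks = @(Get-AzResourceLock -ResourceGroupName $law.ResourceGroupName -ResourceName $law.Name `
        -ResourceType 'Microsoft.OperationalInsights/workspaces' -ErrorAction SilentlyContinue)
    if ($ws.RetentionInDays -lt $RequiredRetentionDays -or $locks.Count -eq 0) {
        $result.Comment = 'The LAW identified does not meet data retention requirements.'
        return [pscustomobject]$result
    }
    $result.Compliant = $true
    $result.Comment = "Logs are collected, stored and retained to meet this control's requirements."
    return [pscustomobject]$result
}
```

The function stops at the first failed concept so the returned Comment maps onto the issue's three non-compliance messages; MissingOptional lists any of the "ALL logs" categories absent from the minimum-satisfying configuration so a reviewer can see how far the tenant is from full coverage.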