This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization analyzes and correlates audit records across different repositories to gain organization-wide situational awareness.
NIST 800-53 (r4) Supplemental Guidance:
Organization-wide situational awareness includes awareness across all three tiers of risk management (i.e., organizational, mission/business process, and information system) and supports cross-organization awareness. Related controls: AU-12, IR-4.
NIST 800-53 (r5) Discussion:
Organization-wide situational awareness includes awareness across all three levels of risk management (i.e., organizational level, mission/business process level, and information system level) and supports cross-organization awareness.
38North Guidance:
Meets Minimum Requirement:
The Cloud Service Provider (CSP) is able to analyze and correlate all audit records from the Cloud Service Offering (CSO) in one repository covering the entire boundary. Isolated, component-local auditing kept separate from that repository is prohibited. All CSO audit records should feed into one Security Information and Event Management (SIEM) tool so that the CSP has situational awareness across the entire CSO boundary.
Best Practice:
Ensure alerting mechanisms are enabled within the Security Information and Event Management (SIEM) tool.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review the CSO to determine if a SIEM tool is implemented within the system boundary.
Review the SIEM tool to ensure all CSO component logs are feeding into the SIEM tool for situational awareness.
Review recent analysis/correlation reviews conducted by CSO personnel to determine situational awareness.
Review after-action reports for recent incident response events to determine how the CSP obtained situational awareness.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD