This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system provides the capability to centrally review and analyze audit records from multiple components within the system.
NIST 800-53 (r4) Supplemental Guidance:
Automated mechanisms for centralized reviews and analyses include, for example, Security Information Management products. Related controls: AU-2, AU-12.
NIST 800-53 (r5) Discussion:
Automated mechanisms for centralized reviews and analyses include Security Information and Event Management products.
38North Guidance:
Meets Minimum Requirement:
The Cloud Service Offering (CSO) implements a Security Information and Event Management (SIEM) tool so that all CSO components feed into one automated system of record for the system's audit data. This gives the Cloud Service Provider (CSP) a single tool with which to centrally review and analyze CSO audit records.
Best Practice:
Ensure that all CSO components can forward audit logs to the CSO SIEM tool.
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Review the CSO to determine if a SIEM tool is implemented within the system boundary.
Review the SIEM tool to confirm that logs from all CSO components are feeding into it for situational awareness.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD