
CFM-06 Prohibited Activity Monitoring

Control Description

Organization information systems are configured to explicitly deny a predefined list of activities.

Theme

Technology

Type

Detective

Policy/Standard

Infrastructure Management Policy

Implementation Guidance

1. Prepare a list of activities that shall be denied on information systems, e.g., removable media restriction.
2. Ensure that the denied activities are enforced on the information systems.
3. Ensure that logs are maintained for monitoring.
4. The list shall be reviewed periodically.

Testing Procedure

1. Validate whether a list is maintained of the activities that shall be denied on information systems.
2. Inspect the activity logs to validate whether the denied activities are enforced and monitored on the information systems.
3. Validate whether the periodic review history documentation is present.

Audit Artifacts

E-CFM-08
E-CFM-09
E-CFM-10

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
