>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

CFM-08Configuration Check Reconciliation: Logging

>Control Description

Organization reconciles the established device inventory against the enterprise log repository on a quarterly basis; devices which do not forward security configurations are remediated.

Theme

Process

Type

Corrective

Policy/Standard

Infrastructure Management Policy

>Implementation Guidance

1. Prepare an asset register to ensure asset life cycle is maintained as per the defined policy and/or standard of asset management. 2. Establish a process through which the device configuration logs can be fetched and reconciled with asset register quarterly. 3. Ensure that a process is established that tracks the deviations to remediation.

>Testing Procedure

1. Inspects Organization asset register to ensure asset life cycle is maintained as per the defined policy and/or standard of asset management. 2. Validate whether the device configuration logs are being reconciled with asset register quarterly. 3. Validate for a sample of deviations whether the remediation is done in a timely manner.

>Audit Artifacts

E-AM-02
E-CFM-12 with E-AM-02
E-CFM-05

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

PCI DSS
5

10.4
10.4.1
10.4.1.1
10.4.2
10.4.2.1

Ask AI

Configure your API key to use AI features.