E009—Monitor third-party access
Control Description
Implement systems to monitor third party access
Application
Optional
Frequency
Every 12 months
Capabilities
Universal
Controls & Evidence (1)
Technical Implementation
E009.1
Config: Third-party access monitoring
Core - This should include:
- Configuring logging for third-party interactions. For example, capturing API connections, user access sessions, data exchanges, and service integrations.
- Capturing access metadata. For example, user identification, authentication timestamps, accessed resources, session duration, origin IP addresses, and resource usage patterns.
Typical evidence: Screenshot of logging system or SIEM configuration showing third-party interactions being monitored with captured metadata - may include cloud logging interface (Google Cloud Logging, AWS CloudWatch, Azure Monitor) showing logged API requests with timestamps/IPs/user agents, access logs capturing authentication events and resource access, or SIEM dashboard displaying third-party connection monitoring with relevant metadata fields.
Location: Engineering Tooling
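One way to check that logged third-party interactions actually carry the metadata listed under E009.1, as an added example that is not part of the framework text. The JSON-lines format, the `third_party` tag and every field name are assumptions to be mapped onto your own log schema; the sample records are constructed.

```python
import ipaddress
import json
from collections import Counter, defaultdict
from datetime import datetime

# Hypothetical field names (assumptions), each with a parser used to validate it.
REQUIRED = {
    "principal": str,                      # user identification
    "auth_time": datetime.fromisoformat,   # authentication timestamp
    "resource": str,                       # accessed resource
    "session_seconds": float,              # session duration
    "source_ip": ipaddress.ip_address,     # origin IP address
    "bytes_out": int,                      # resource usage
}

# Constructed sample records (JSON lines), not real log data.
SAMPLE_LOG = """\
{"third_party": "vendor-a", "principal": "svc-vendor-a", "auth_time": "2024-05-01T09:00:00+00:00", "resource": "/api/v1/export", "session_seconds": 42.5, "source_ip": "203.0.113.10", "bytes_out": 1048576}
{"third_party": "vendor-b", "principal": "svc-vendor-b", "auth_time": "2024-05-01T09:05:00+00:00", "resource": "/api/v1/models", "source_ip": "not-an-ip", "bytes_out": 2048}
{"third_party": "vendor-b", "principal": "", "auth_time": "yesterday", "resource": "/api/v1/models", "session_seconds": 3, "source_ip": "198.51.100.7", "bytes_out": 512}
{"principal": "alice", "resource": "/internal/health"}
"""

def field_problem(record, name, parse):
    """Return 'missing', 'invalid' or None for one required field."""
    value = record.get(name)
    if value is None or value == "":
        return "missing"
    try:
        parse(value)
    except (TypeError, ValueError):
        return "invalid"
    return None

def audit(log_text):
    """Map each third party to a count of 'field:problem' metadata gaps."""
    gaps = defaultdict(Counter)
    for line in log_text.splitlines():
        record = json.loads(line)
        party = record.get("third_party")
        if not party:  # records without the tag are treated as first-party
            continue
        for name, parse in REQUIRED.items():
            problem = field_problem(record, name, parse)
            if problem:
                gaps[party][f"{name}:{problem}"] += 1
    return {party: dict(counts) for party, counts in gaps.items()}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_LOG), indent=2))
```

A third party that appears in the result is being logged without the full metadata set, which is the gap an evidence screenshot alone would not reveal.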
Cross-Framework Mappings
NIST AI RMF