πΌ CM-5(1) Automated Access Enforcement and Audit Records (M)(H)
- Contextual name: πΌ CM-5(1) Automated Access Enforcement and Audit Records (M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/cm/05/01 - Located in: πΌ CM-5 Access Restrictions for Change (L)(M)(H)
Descriptionβ
(a) Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and
(b) Automatically generate audit records of the enforcement actions.
Similarβ
- Sections
/frameworks/fedramp-high-security-controls/cm/05/01
- Internal
- ID:
dec-c-5530900e
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ CM-5(1) Automated Access Enforcement and Audit Records (M)(H) | 8 | 9 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (9)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Multi-Region CloudTrail is not enabled π’ | 1 | π’ x6 |
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π Azure Diagnostic Setting for Azure Key Vault is not enabled π’ | π’ x3 | |
| π Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Create Policy Assignment does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Network Security Group does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Security Solution does not exist π’ | 1 | π’ x6 |