Skip to main content

πŸ’Ό RS.AN-06: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved

  • Contextual name: πŸ’Ό RS.AN-06: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
  • ID: /frameworks/nist-csf-v2.0/rs-an/06
  • Located in: πŸ’Ό Incident Analysis (RS.AN)

Description​

  1. Require each incident responder and others (e.g., system administrators, cybersecurity engineers) who perform incident response tasks to record their actions and make the record immutable
  2. Require the incident lead to document the incident in detail and be responsible for preserving the integrity of the documentation and the sources of all information being reported

Similar​

  • Sections
    • /frameworks/nist-csf-v1.1/rs-an/03
    • /frameworks/nist-sp-800-53-r5/au/07
    • /frameworks/nist-sp-800-53-r5/ir/04
    • /frameworks/nist-sp-800-53-r5/ir/06

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό RS.AN-3: Forensics are performed1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-7 Audit Record Reduction and Report Generation2118
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-4 Incident Handling15
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IR-6 Incident Reporting31

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (18)​

PolicyLogic CountFlags
πŸ“ Google Cloud Audit Logging is not configured properly 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_error_verbosity Database Flag is not set to DEFAULT or stricter 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning 🟒1🟒 x6
πŸ“ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately 🟒1🟒 x6
πŸ“ Google GCE Network DNS Policy Logging is not enabled 🟒1🟒 x6
πŸ“ Google HTTP(S) Load Balancer Logging is not enabled 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟒1🟒 x6
πŸ“ Google Logging Log Sink for All Log Entries is not configured 🟒1🟒 x6
πŸ“ Google Organization Essential Contacts is not configured 🟒1🟒 x6