πΌ CC7.1-2 Monitors Infrastructure and Software
- Contextual name: πΌ CC7.1-2 Monitors Infrastructure and Software
- ID:
/frameworks/soc-2/cc7/01/02 - Located in: πΌ CC7.1 To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.
Descriptionβ
The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives.
Similarβ
- Internal
- ID:
dec-c-76a3e9d0
- ID:
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (9)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Multi-Region CloudTrail is not enabled π’ | 1 | π’ x6 |
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π Azure Diagnostic Setting for Azure Key Vault is not enabled π’ | π’ x3 | |
| π Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days π’ | 1 | π’ x6 |
| π Azure PostgreSQL Single Server log_connections Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure SQL Server Auditing is not enabled π’ | 1 | π’ x6 |
| π Azure SQL Server Auditing Retention is less than 90 days π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-0c82d775 | 1 | |
| βοΈ dec-x-9b79d91f | 1 | |
| βοΈ dec-x-24bba483 | 1 | |
| βοΈ dec-x-36ced3d1 | 1 | |
| βοΈ dec-x-89d5ed7a | 1 | |
| βοΈ dec-x-1518c16e | 1 | |
| βοΈ dec-x-b1e1a494 | 1 | |
| βοΈ dec-x-b2ce0ca1 | 1 | |
| βοΈ dec-z-3f480eb5 | 1 |