Skip to main content

Repository → 💼 SOC 2 → 💼 CC7 System Operations → 💼 CC7.1 To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.

💼 CC7.1-2 Monitors Infrastructure and Software

  • ID: /frameworks/soc-2/cc7/01/02

Description

The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives.

Similar

  • Internal
    • ID: dec-c-76a3e9d0

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (11)

PolicyLogic CountFlagsCompliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢1🟢 x6no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪🟢 x2, ⚪ x1no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing is not enabled🟢1🟢 x6no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data

Internal Rules

RulePoliciesFlags
✉️ dec-x-0c82d7751
✉️ dec-x-9b79d91f1
✉️ dec-x-24bba4831
✉️ dec-x-36ced3d11
✉️ dec-x-89d5ed7a1
✉️ dec-x-1518c16e1
✉️ dec-x-b1e1a4941
✉️ dec-x-b2ce0ca11