Back

Disseminate and communicate documentation of pertinent monitoring capabilities to interested personnel and affected parties.


CONTROL ID
13159
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Monitor managing cloud services., CC ID: 13150

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • To monitor the capacity and the availability, the cloud customer is provided with relevant information via a self-service portal. (Section 5.6 RB-02 Description of additional requirements (availability) ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually. (LOG-01, Cloud Controls Matrix, v4.0)
  • The cloud service provider should provide capabilities that enable the cloud service customer to monitor specified aspects, relevant to the cloud service customer, of the operation of the cloud services. For example, to monitor and detect if the cloud service is being used as a platform to attack ot… (Annex A: § CLD.12.4.5 Table: Cloud service provider, ISO/IEC 27017:2015, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, First edition 2015-12-15)
  • Reading internal audit reports, third-party assessments, audit committee presentations, and other documentation related to the service organization's monitoring activities, system incidents, or investigative activities (¶ 3.59 Bullet 10, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Regularly validate that technical controls comply with the organization's cybersecurity policies, plans and procedures, and report results to senior management. (Table 2: Protective Technology Baseline Security Measures Cell 2, Pipeline Security Guidelines)