LOG-9 Unauthorized Access Monitoring

What is this control really about?

This control is about monitoring your organization’s infrastructure to ensure that unauthorized access is prevented. Any access to a system, network, application, or database that violates the stated security policy is considered unauthorized access. Unauthorized access also occurs when legitimate users access a resource that they do not have permission to use.

The preventive measures include using tools such as Privilege Account Monitoring (PAM) or Wireless Access Monitoring to scan the environment for unauthorized access from personnel, applications, devices, networks, etc.

There are no mandatory tools or methods to use as long as you can demonstrate a way to track and scan the environment and take action upon the results.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Tools

  • ManageEngine
  • BeyondTrust

Available templates

  • N/A for the section

What is required to implement this control?

The implementation of a tool is required for this control. Ensure that these steps are taken into account as part of implementation:

  • Enable temporary privilege escalation
  • Enable tracking of assets and privileges granted
  • Enable attribute-based access control
  • Monitor assignment of privileges versus usage
  • Enable zero trust, everywhere
  • Enable audit trail
  • Enable monitoring and alerts

What evidence is the auditor looking for?

  • Screenshot from the monitoring tool dashboard

An example of what an artifact can look like

1- Screenshot from the monitoring tool dashboard

This is from a PAM tool

[Image: LOG-9 example screenshot]
