on May 25, 2016Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply in order to prevent accidental or malicious data loss.
Dependencies
The GPG13 compliance reports have the following dependencies.
| SA Rules | SA Lists | App Rules |
|---|---|---|
| Access to Compliance Data Details Access to Compliance Data Summary Accounts Created Accounts Deleted Accounts Modified Admin Access to Compliance Systems Details Firewall Configuration Changes Group Management Inbound Network Traffic Logon Failures Details Logon Failures Summary Outbound Network Traffic Router Configuration Changes Successful Escalation of Privileges Details Successful Escalation of Privileges Summary Successful Remote Access Details System Clock Synchronization User Access to Compliance Systems Details | Administrative Users Compliance Data Compliance Systems | account:created account:deleted account:modified account:logon-success config:fw-config-changes account:group-management alm:inbound-network-traffic account:logon-failure alm:outbound-network-traffic config:router-change access:privilege-escalation-success alm:system-clock-synch |
Citations
The GPG13 reports have the following Citations.
| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Access to Compliance Data - Detail Access to Compliance Data - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Accounts Created | PMC7 | Recording of session activity by user and workstation. |
| Accounts Deleted | PMC7 | Recording of session activity by user and workstation. |
| Accounts Modified | PMC7 | Recording of session activity by user and workstation. |
| Admin Access to Compliance Systems - Detail | PMC7 | Recording of session activity by user and workstation. |
| Admin Access to Compliance Systems - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Escalation of Privileges - Detail Escalation of Privileges - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Failed Remote Access - Detail | PMC6 | Recording relating to network connections. |
| Firewall Configuration Changes | PMC4 | Recording of workstation, server, or device status. |
| Group Management | PMC7 | Recording of session activity by user and workstation. |
| Inbound Network Traffic - Top 25 & Outbound Network Traffic - Top 25 (specific for internal IP source addresses) | PMC5 | Recording relating to suspicious internal network activity. |
| Logon Failures - Detail | PMC7 | Recording of session activity by user and workstation. |
| Logon Failures - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Inbound Network Traffic - Top 25 & Outbound Network Traffic - Top 25 (specific for DMZ IP source addresses) | PMC2 | Recording relating to business traffic crossing a boundary. |
| Router Configuration Changes | PMC4 | Recording of workstation, server, or device status. |
| Successful Remote Access - Detail | PMC6 | Recording relating to network connections. |
| System Clock Synchronization | PMC1 | Accurate time in logs. |
| User Access to Compliance Systems - Detail | PMC7 | Recording of session activity by user and workstation. |
| User Access to Compliance Systems - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Account Management | PMC7 | Recording of session activity by user and workstation. |
