Compliance Reports: Good Practice Guide 13 (GPG13)

Document created by RSA Information Design and Development on May 25, 2016
Last modified by RSA Information Design and Development on Apr 10, 2018
Version 141
 

Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply in order to prevent accidental or malicious data loss.

Dependencies

The GPG13 compliance reports have the following dependencies.

                  
SA Rules:

  • Access to Compliance Data Details
  • Access to Compliance Data Summary
  • Accounts Created
  • Accounts Deleted
  • Accounts Modified
  • Admin Access to Compliance Systems Details
  • Firewall Configuration Changes
  • Group Management
  • Inbound Network Traffic
  • Logon Failures Details
  • Logon Failures Summary
  • Outbound Network Traffic
  • Router Configuration Changes
  • Successful Escalation of Privileges Details
  • Successful Escalation of Privileges Summary
  • Successful Remote Access Details
  • System Clock Synchronization
  • User Access to Compliance Systems Details

SA Lists:

  • Administrative Users
  • Compliance Data
  • Compliance Systems

App Rules:

  • account:created
  • account:deleted
  • account:modified
  • account:logon-success
  • config:fw-config-changes
  • account:group-management
  • alm:inbound-network-traffic
  • account:logon-failure
  • alm:outbound-network-traffic
  • config:router-change
  • access:privilege-escalation-success
  • alm:system-clock-synch

Citations

The GPG13 reports have the following Citations.

                                                                                                                 
| Report Rule | Citation Number | Citation Description |
|---|---|---|
| Access to Compliance Data - Detail, Access to Compliance Data - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Accounts Created | PMC7 | Recording of session activity by user and workstation. |
| Accounts Deleted | PMC7 | Recording of session activity by user and workstation. |
| Accounts Modified | PMC7 | Recording of session activity by user and workstation. |
| Admin Access to Compliance Systems - Detail | PMC7 | Recording of session activity by user and workstation. |
| Admin Access to Compliance Systems - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Escalation of Privileges - Detail, Escalation of Privileges - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Failed Remote Access - Detail | PMC6 | Recording relating to network connections. |
| Firewall Configuration Changes | PMC4 | Recording of workstation, server, or device status. |
| Group Management | PMC7 | Recording of session activity by user and workstation. |
| Inbound Network Traffic - Top 25 & Outbound Network Traffic - Top 25 (specific for internal IP source addresses) | PMC5 | Recording relating to suspicious internal network activity. |
| Logon Failures - Detail | PMC7 | Recording of session activity by user and workstation. |
| Logon Failures - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Inbound Network Traffic - Top 25 & Outbound Network Traffic - Top 25 (specific for DMZ IP source addresses) | PMC2 | Recording relating to business traffic crossing a boundary. |
| Router Configuration Changes | PMC4 | Recording of workstation, server, or device status. |
| Successful Remote Access - Detail | PMC6 | Recording relating to network connections. |
| System Clock Synchronization | PMC1 | Accurate time in logs. |
| User Access to Compliance Systems - Detail | PMC7 | Recording of session activity by user and workstation. |
| User Access to Compliance Systems - Top 25 | PMC7 | Recording of session activity by user and workstation. |
| Account Management | PMC7 | Recording of session activity by user and workstation. |