Control access to Synthetic monitoring solutions using API keys or Certificate based authentication to ensure they don't become an attack path, preventing monitoring systems from forging network requests to gain access to internal systems.
Management / Monitoring / Controls / DEV
Access External Monitoring
CCC.Monitor.CN03 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Monitoring.CP06 | CCC.Monitoring.CP06 |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Monitor.TH04 | External Monitoring Access | If an external monitoring system is compromised, it acts as a trusted external remote service and can then access internal services which would otherwise not be accessible directly. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Monitor.CN03.AR01 | When external systems have approved access to internal systems not normally available for public access then they MUST be secured to prevent unauthorised access jumping through to the internal systems and only allow access to specific internal services. | tlp-clear, tlp-green, tlp-amber, tlp-red |