Ensure only a subset of users can silence or acknowledge alerts to prevent attackers hiding their activity.
Management / Monitoring / Controls / DEV
Restrict access to silence or acknowledge an alert
CCC.Monitor.CN05 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP07 | Event Publication | The service automatically publishes a structured state-change record upon creation, deletion, or modification of data, configuration, components, or child resources. |
| CCC.Core.CP09 | Metrics Publication | The service automatically publishes structured, numeric, time-series data points related to the performance, availability, and health of the service or its child resources. |
| CCC.Core.CP17 | Alerting | The service may be configured to emit a notification based on a user-defined condition related to the data published by a child or networked resource. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH10 | State-change Events are Read by Unauthorized Entities | Unauthorized access to state-change events can reveal information about the system's design and usage patterns. This opens the system up to attacks of opportunity and support the planning of attacks on the service, system, or network. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Monitor.CN05.AR01 | When monitoring services have generated an alert, the service MUST ensure only authorised responders silence or acknowledge the alert. | tlp-clear, tlp-green, tlp-amber, tlp-red |