Skip to content
  • There are no suggestions because the search field is empty.

Compliance Reports: Good Practice Guide 13 (GPG13)

Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply in order to prevent accidental or malicious data loss.

Dependencies

The GPG13 compliance reports have the following dependencies.

  • SA Rules:

    Access to Compliance Data Details

    Access to Compliance Data Summary

    Accounts Created

    Accounts Deleted

    Accounts Modified

    Admin Access to Compliance Systems Details

    Firewall Configuration Changes

    Group Management

    Inbound Network Traffic

    Logon Failures Details

    Logon Failures Summary

    Outbound Network Traffic

    Router Configuration Changes

    Successful Escalation of Privileges Details

    Successful Escalation of Privileges Summary

    Successful Remote Access Details

    System Clock Synchronization

    User Access to Compliance Systems Details

  • SA Lists:

    Administrative Users

    Compliance Data

    Compliance Systems

  • App Rules:

    account:created

    account:deleted

    account:modified

    account:logon-success

    config:fw-config-changes

    account:group-management

    alm:inbound-network-traffic

    account:logon-failure

    alm:outbound-network-traffic

    config:router-change

    access:privilege-escalation-success

    alm:system-clock-synch


Citations

The GPG13 reports have the following Citations.

  • Report Rule: Access to Compliance Data - Detail
    Access to Compliance Data - Top 25
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Accounts Created
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Accounts Deleted
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Accounts Modified
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Admin Access to Compliance Systems - Detail
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Admin Access to Compliance Systems - Top 25
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Escalation of Privileges - Detail
    Escalation of Privileges - Top 25
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Failed Remote Access - Detail
  • Citation Number: PMC6
  • Citation Description: Recording relating to network connections.

  • Report Rule: Firewall Configuration Changes
  • Citation Number: PMC4
  • Citation Description: Recording of workstation, server, or device status.

  • Report Rule: Group Management
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Inbound Network Traffic - Top 25 &
    Outbound Network Traffic - Top 25 (specific for internal IP source addresses)
  • Citation Number: PMC5
  • Citation Description: Recording relating to suspicious internal network activity.

  • Report Rule: Logon Failures - Detail
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Logon Failures - Top 25
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Inbound Network Traffic - Top 25 &
    Outbound Network Traffic - Top 25 (specific for DMZ IP source  addresses)
  • Citation Number: PMC2
  • Citation Description: Recording relating to business traffic crossing a boundary.

  • Report Rule: Router Configuration Changes
  • Citation Number: PMC4
  • Citation Description: Recording of workstation, server, or device status.

  • Report Rule: Successful Remote Access - Detail
  • Citation Number: PMC6
  • Citation Description: Recording relating to network connections.

  • Report Rule: System Clock Synchronization
  • Citation Number: PMC1
  • Citation Description: Accurate time in logs.

  • Report Rule: User Access to Compliance Systems - Detail
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: User Access to Compliance Systems - Top 25
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

  • Report Rule: Account Management
  • Citation Number: PMC7
  • Citation Description: Recording of session activity by user and workstation.

docFeedback.png

You are here
Table of Contents > Compliance Reports: Good Practice Guide 13 (GPG13)