What standards and frameworks does Red Canary support?

Asset Management / Inventory Management

The organization maintains an inventory of system devices, which is reconciled in accordance with the organization-defined frequency.

Inventory of monitored endpoints within Red Canary can be used to help satisfy this control.

A.8.1.1

CC6.1

CM-8

9.6.1
9.7
9.7.1

AM-01

Configuration Management / Configuration Checks

The organization uses mechanisms to detect deviations from baseline configurations in production environments.

Appropriately configured logging and alerting within Red Canary can help satisfy this control.

A.9.4.4
A.12.5.1

CC6.8

CM-6
CM-7

1.2.2
10.4.2
11.4
11.5
11.5.1
5.3

IDM-12
KOS-01
RM-22

164.306(a)(2)

3.1.1
3.1.2
3.1.5
3.1.6
3.1.7
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9

AC.1.001
AC.1.002
AC.2.007
AC.2.008
AC.3.018
CM.3.067
CM.2.062
CM.3.068
CM.3.069
CM.4.073
CM.2.063

Incident Response / Incident Response

Confirmed incidents are assigned a priority level and managed to resolution.

Red Canary's incident management process (including tracking and logging within Red Canary) can be used to help satisfy this control.

A.16.1.1
A.16.1.2
A.16.1.4
A.16.1.5
A.16.1.6
A.16.1.7

CC2.2
CC7.3
CC7.4
CC7.5

IR-4
IR-5
IR-9

10.6.3
10.8.1
12.10.3

SIM-01
SIM-02
SIM-03
SIM-04
SIM-05
SIM-06
SIM-07
SPN-01

164.308(a)(1)(ii)(D)
164.308(a)(6)(i)
164.308(a)(6)(ii)
164.308(a)(7)(i)

3.3.1
3.3.2
3.3.5
3.6.1
3.6.2

AU.2.042
AU.2.042
AU.2.044
AU.3.048
AU.3.051
IR.2.092
IR.2.093
IR.2.095
IR.2.097
IR.3.098

Systems Monitoring / Audit Logging

The organization logs critical information system activity.

Logs within Red Canary can be used to help satisfy this control.

A.12.4.1

CC6.8
CC7.1
CC7.2
A12

AU-12
AU-2
MA-4
SC-7

RB-10
RB-11
RB-14
SIM-05

164.312(b)
164.312(c)(2)

Systems Monitoring / Secure Audit Logging

The organization logs critical information system activity to a secure repository.

Logs within Red Canary can be used to help satisfy this control.

CC7.2

10.5
10.5.1
10.5.2
10.5.3
10.5.4

Systems Monitoring / Audit Logging: Cardholder Data Environment Activity

The organization logs the following activity for cardholder data environments:

• Individual user access to cardholder data

• Administrative actions

• Access to logging servers

• Failed logins

• Modifications to authentication mechanisms and user privileges

• Initialization, stopping, or pausing of the audit logs

• Creation and deletion of system-level objects

• Security events

• Logs of all system components that store, process, transmit, or could impact the

security of cardholder data (CHD) and/or sensitive authentication data (SAD)

• Logs of all critical system components

• Logs of all servers and system components that perform security functions. For example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, ecommerce redirection servers, and so on.

Logs within Red Canary can be used to help satisfy this control.

10.1
10.2
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.6.1

Systems Monitoring / Security Monitoring Alert Criteria

The organization defines security monitoring alert criteria, how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts

Configurable alerts within Red Canary can be used to help satisfy this control

A.9.4.4
A.12.4.3

AC-2
AU-2
AU-3
AU-8
AU-12

10.8
10.9
12.10.5
12.5
12.5.2

IDM-06
IDM-12
RB-10
RB-11
RB-15

Systems Monitoring / Security Monitoring Alert Criteria: Privileged Functions

The organization defines security monitoring alert criteria for privileged functions executed by both authorized and unauthorized users

Configurable alerts within Red Canary can be used to help satisfy this control

10.6

Systems Monitoring / Security Monitoring Alert Criteria: Cardholder System Components

The organization defines security monitoring alert criteria for system components that store, process, transmit, or could impact the security of cardholder data and/or sensitive authentication data

Configurable alerts within Red Canary can be used to help satisfy this control

10.6.1

Systems Monitoring / System Security Monitoring

Critical systems are monitored in accordance to predefined security criteria and alerts are sent to authorized personnel. Confirmed incidents are tracked to resolution

Configurable alerts within Red Canary can be used to help satisfy this control

A.12.4.3

CC7.2
CC7.3
A1.2

AU-2
AU-5
AU-9
SC-7
SI-4

10.2
10.2.4
10.5.5
10.6
10.6.1
10.6.2
10.6.3
10.8.1
12.10.5
314.3(b)(2)
314.4

IDM-06
RB-10
RB-11
RB-13
RB-15

164.308(a)(1)(ii)(D)
164.308(a)(5)(ii)(B)
164.308(a)(5)(ii)(C)
164.308(a)(6)(i)
164.308(a)(6)(ii)
164.312(b)

Vulnerability Management / External Alerts and Advisories

The organization reviews alerts and advisories from management-approved security forums and communicates verified threats to authorized personnel

Configurable alerts, searchable activity logs, and incident management functions within Red Canary can be used to help satisfy this control

A.16.1.1
A.6.1.4

6.1

3.3.1
3.3.2
3.3.5
3.6.1
3.6.2
3.14.1
3.14.2
3.14.3

AC.1.001
AC.1.002
AU.3.051
IR.2.092
IR.3.098
SI.1.210
SI.1.211
SI.2.214

Vulnerability Management / Vulnerability Remediation

The organization assigns a risk rating to identified vulnerabilities and prioritizes remediation of legitimate vulnerabilities according to the assigned risk

Threat identification, logging, and alerting within Red Canary can help to satisfy this control

A.6.1.5
A.12.6.1
A.14.2.8

CC7.1

CA-7

6.1

RB-17
RB-19
RB-21

164.306(a)(1)
164.306(a)(2)
164.306(a)(3)
164.308(a)(1)(ii)(B)