IDEF Security Audits, v1.0
Specifies requirements in accordance with Identity Ecosystem Framework (IDEF) requirement SECURE-15: SECURITY AUDITS.
Assessment Steps (2)
1
Regular Audits of Compliance with Internal Security Policies and Procedures (RegularAuditsofCompliancewithInternalSecurityPoliciesandProcedures)
Does the entity conduct regular audits of its compliance with its own information security policies and procedures, and any additional requirements of law, including a review of its logs, incident reports and credential loss occurrences?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
2
Periodic Review of Policies and Procedures Effectiveness (PerodicReviewofPoliciesandProceduresEffectiveness)
Does the entity periodically review the effectiveness of its policies and procedures in light of its audit results?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (1)
Security Audits
Entities MUST conduct regular audits of their compliance with their own information security policies and procedures, and any additional requirements of law, including a review of their logs, incident reports and credential loss occurrences, and MUST periodically review the effectiveness of their policies and procedures in light of that data.
Citation
IDEF
Page 38