AC-2 (4) - Automated Audit Actions

Control requirements

AC-2 (4) - 0

The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies [Assignment: organization-defined personnel or roles].

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Audit logging of application provider events and SIEM
• Audit logging of IBM Cloud events
• IBM Cloud account setup

IBM Cloud for Financial Services profile

The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.

• Check that Activity Tracker Event Routing is configured to collect global events generated by IBM Cloud services