AC-6 (9) - Auditing Use of Privileged Functions
Control requirements
- AC-6 (9) - 0
- The information system audits the execution of privileged functions.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
IBM Cloud for Financial Services profile
The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.
- Check that Activity Tracker Event Routing is configured to collect global events generated by IBM Cloud services
NIST supplemental guidance
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT).