Supported Standards and Frameworks


Red Canary helps many organizations satisfy or support their compliance controls through our monitoring and security operations. We’re happy to help you and your auditors better understand how Red Canary works behind the scenes.

The following tables list common controls, describe how Red Canary supports those controls, and map to the relevant compliance framework sections.

Asset Management/Inventory Management

Control Family/Name/Activity

Asset Management/Inventory Management

The organization maintains an inventory of system devices, which is reconciled in accordance with the organization-defined frequency.

How Red Canary Helps Satisfy This Control

Inventory of monitored endpoints within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.8.1.1

SOC: CC6.1

FedRAMP: CM-8

PCI-DSS: 9.6.1, 9.7, 9.7.1

BSI C5: AM-01

HIPAA: -

NIST 800-171: 3.4.1, 3.4.1

CMMC: CM.2.06, CM.2.064

Configuration Management/Configuration Checks

Control Family/Name/Activity

Configuration Management/Configuration Checks

The organization uses mechanisms to detect deviations from baseline configurations in production environments.

How Red Canary Helps Satisfy This Control

Appropriately configured logging and alerting within Red Canary can help satisfy this control.

ISO27001:2013: A.9.4.4, A.12.5.1

SOC: CC6.8

FedRAMP: CM-6, CM-7

PCI-DSS: 1.2.2, 10.4.2, 11.4, 11.5, 11.5.1, 5.3

BSI C5: IDM-12, KOS-01, RM-22

HIPAA: 164.306(a)(2)

NIST 800-171: 3.1.1, 3.1.2, 3.1.5, 3.1.6, 3.1.7, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9

CMMC: AC.1.001, AC.1.002, AC.1.007, AC.2.007, AC.2.008, AC.3.018, CM.3.067, CM.2.062, CM.3.068, CM.3.069, CM.4.073, CM.2.063

Incident Response

Control Family/Name/Activity

Incident Response

Confirmed incidents are assigned a priority level and managed to resolution.

How Red Canary Helps Satisfy This Control

Red Canary's incident management process (including tracking and logging within Red Canary) can be used to help satisfy this control.

ISO27001:2013: A.16.1.1, A.16.1.2, A.16.1.4, A.16.1.5, A.16.1.6, A.16.1.7

SOC: CC2.2, CC7.3, CC7.4, CC7.5

FedRAMP: IR-4, IR-5, IR-9

PCI-DSS: 10.6.3, 10.8.1, 12.10.3

BSI C5: SIM-01, SIM-02, SIM-03, SIM-04, SIM-05, SIM-06, SIM-07, SPN-01

HIPAA: 164.308(a)(1)(ii)(D), 164.308(a)(6)(i), 164.308(a)(6)(ii), 164.308(a)(7)(i)

NIST 800-171: 3.3.1, 3.3.2, 3.3.5, 3.6.1, 3.6.2

CMMC: AU.2.041, AU.2.042, AU.2.044, AU.3.048, AU.3.051, IR.2.092, IR.2.093, IR.2.095, IR.2.097, IR.3.098

Systems Monitoring/Audit Logging

Control Family/Name/Activity

Systems Monitoring/Audit Logging

The organization logs critical information system activity.

How Red Canary Helps Satisfy This Control

Logs within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.12.4.1

SOC: CC6.8, CC7.1, CC7.2, A12

FedRAMP: AU-12, AU-2, MA-4, SC-7

PCI-DSS: -

BSI C5: RB-10, RB-11, RB-14, SIM-05

HIPAA: 164.312(b), 164.312.(c)(2)

NIST 800-171: 3.3.1, 3.3.2, 3.3.5

CMMC: AU.2.041, AU.2.042, AU.3.051

Systems Monitoring/Secure Audit Logging

Control Family/Name/Activity

Systems Monitoring/Secure Audit Logging

The organization logs critical information system activity to a secure repository.

How Red Canary Helps Satisfy This Control

Logs within Red Canary can be used to help satisfy this control.

ISO27001:2013: -

SOC: CC7.2

FedRAMP: -

PCI-DSS: 10.5, 10.5.1, 10.5.2, 10.5.3, 10.5.4

BSI C5: -

HIPAA: -

NIST 800-171: 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8

CMMC: CM.2.061, CM.2.064, CM.2.065, CM.2.066, CM.3.067, CM.3.068, CM.3.069, CM.4.073

Systems Monitoring/Audit Logging: Cardholder Data Environment Activity

Control Family/Name/Activity

Systems Monitoring/Audit Logging: Cardholder Data Environment Activity

The organization logs the following activity for cardholder data environments:

  • Individual user access to cardholder data

  • Administrative actions

  • Access to logging servers

  • Failed logins

  • Modifications to authentication mechanisms and user privileges

  • Initialization, stopping, or pausing of the audit logs

  • Creation and deletion of system-level objects

  • Security events

  • Logs of all system components that store, process, transmit, or could impact the security of cardholder data (CHD) and/or sensitive authentication data (SAD)

  • Logs of all critical system components

  • Logs of all servers and system components that perform security functions. For example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, ecommerce redirection servers, and so on.

How Red Canary Helps Satisfy This Control

Logs within Red Canary can be used to help satisfy this control.

ISO27001:2013: -

SOC: -

FedRAMP: -

PCI-DSS: 10.1, 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.6.1

BSI C5: -

HIPAA: -

NIST 800-171: -

CMMC: -

Systems Monitoring/Security Monitoring Alert Criteria

Control Family/Name/Activity

Systems Monitoring/Security Monitoring Alert Criteria

The organization defines security monitoring alert criteria, how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts.

How Red Canary Helps Satisfy This Control

Configurable alerts within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.9.4.4, A.12.4.3

SOC: -

FedRAMP: AC-2, AU-2, AU-3, AU-8, AU-12

PCI-DSS: 10.8, 10.9, 12.10.5, 12.5, 12.5.2

BSI C5: IDM-06, IDM-12, RB-10, RB-11, RB-15

HIPAA: -

NIST 800-171: 3.1.1, 3.1.2, 3.1.5, 3.1.6, 3.1.7, 3.3.8, 3.3.9

CMMC: AC.1.001, AC.1.002, AC.2.007, AC.2.008, AC.3.018, AU.3.049, AU.3.050

Systems Monitoring/Security Monitoring Alert Criteria: Privileged Functions

Control Family/Name/Activity

Systems Monitoring/Security Monitoring Alert Criteria: Privileged Functions

The organization defines security monitoring alert criteria for privileged functions executed by both authorized and unauthorized users.

How Red Canary Helps Satisfy This Control

Configurable alerts within Red Canary can be used to help satisfy this control.

ISO27001:2013: -

SOC: -

FedRAMP: -

PCI-DSS: 10.6

BSI C5: -

HIPAA: -

NIST 800-171: -

CMMC: -

Systems Monitoring/Security Monitoring Alert Criteria: Cardholder System Components

Control Family/Name/Activity

Systems Monitoring/Security Monitoring Alert Criteria: Cardholder System Components

The organization defines security monitoring alert criteria for system components that store, process, transmit, or could impact the security of cardholder data and/or sensitive authentication data.

How Red Canary Helps Satisfy This Control

Configurable alerts within Red Canary can be used to help satisfy this control.

ISO27001:2013: -

SOC: -

FedRAMP: -

PCI-DSS: 10.6.1

BSI C5: -

HIPAA: -

NIST 800-171: -

CMMC: -

Systems Monitoring/System Security Monitoring

Control Family/Name/Activity

Systems Monitoring/System Security Monitoring

Critical systems are monitored in accordance with predefined security criteria and alerts are sent to authorized personnel. Confirmed incidents are tracked to resolution.

How Red Canary Helps Satisfy This Control

Configurable alerts within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.12.4.3

SOC: CC7.2, CC7.3, A1.2

FedRAMP: AU-2, AU-5, AU-9, SC-7, SI-4

PCI-DSS: 10.2, 10.2.4, 10.5.5, 10.6, 10.6.1, 10.6.2, 10.6.3, 10.8.1, 12.10.5

314.3(B)(2), 314.4

BSI C5: IDM-06, IDM-12, RB-10, RB-11, RB-15

HIPAA: 164.308(a)(1)(ii)(D), 164.308(a)(5)(ii)(B), 164.308(a)(5)(ii)(C), 164.308(a)(6)(i), 164.308(a)(6)(ii), 164.312(b)

NIST 800-171: 3.3.1, 3.3.2, 3.3.8, 3.3.9

CMMC: AC.1.001, AC.1.002, AU.3.049, AU.3.050

Vulnerability Management/External Alerts and Advisories

Control Family/Name/Activity

Vulnerability Management/External Alerts and Advisories

The organization reviews alerts and advisories from management-approved security forums and communicates verified threats to authorized personnel.

How Red Canary Helps Satisfy This Control

Configurable alerts, searchable activity logs, and incident management functions within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.16.1.1, A.6.1.4

SOC: -

FedRAMP: -

PCI-DSS: 6.1

BSI C5: -

HIPAA: -

NIST 800-171: 3.3.1, 3.3.2, 3.3.5, 3.6.1, 3.6.2, 3.14.1, 3.14.2, 3.14.3

CMMC: AC.1.001, AC.1.002, AU.3.051, IR.2.092, IR.3.098, SI.1.210, SI.1.211, SI.2.214

Vulnerability Management/Vulnerability Remediation

Control Family/Name/Activity

Vulnerability Management/Vulnerability Remediation

The organization assigns a risk rating to identified vulnerabilities and prioritizes remediation of legitimate vulnerabilities according to the assigned risk.

How Red Canary Helps Satisfy This Control

Threat identification, logging, and alerting within Red Canary can be used to help satisfy this control.

ISO27001:2013: A.6.1.5, A.12.6.1, A.14.2.8

SOC: CC7.1

FedRAMP: CA-7

PCI-DSS: 6.1

BSI C5: RB-17, RB-19, RB-21

HIPAA: 164.306(a)(1), 164.306(a)(2), 164.306(a)(3), 164.308(a)(1)(ii)(B)

NIST 800-171: 3.11.1, 3.11.2, 3.11.3, 3.12.1, 3.12.2, 3.12.3, 3.14.1, 3.14.2

CMMC: RM.2.141, RM.2.142, RM.2.143, SI.1.210, SI.2.211, SI.2.214, CA.2.158, CA.2.159, CA.3.161