SOC 2 Common Criteria 6.3 Access Modification and Removal

The SOC 2 Audit Reports provide documentation to help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 CC6.3 Access Modification and Removal report describes how to use and access log searches, the list of users with access to security functions and access logs in the Alert Logic console that help demonstrate compliance with Common Criteria (CC) 6.3.

To access the SOC 2 CC6.3 Access Modification and Removal report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under SOC 2 Audit, click VIEW.
  4. Click SOC 2 CC6.3 Access Modification and Removal.

The report summary page displays two columns. Points of Focus lists points of focus, specifically related to all engagements using the trust services criteria, that highlight important characteristics relating to CC6.3. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that can demonstrate compliance with each point of focus.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides access to the Log Search page, which helps you demonstrate compliance with CC6.3. This criterion requires that the entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system design and changes, giving consideration to the concepts of least privilege and segregation of duties, to meet the entity's objectives.

Creates or Modifies Access to Protected Information Assets

The Creates or Modifies Access to Protected Information Assets point of focus requires you to demonstrate that processes are in place to create or modify access to protected information assets based on authorization from the asset’s owner.

This section provides you with a link to the Alert Logic Get Started with Search page where you can search logs for message types related to creating or modifying user accounts and groups. You can use this information to demonstrate that creating or modifying access to protected information assets is based on authorization.

This section includes a link to an Alert Logic Knowledge Base article that contains the recommended log search statements you can use on the Alert Logic Log Search page. You can use the log search statements to gather the supporting documentation that illustrates compliance with the CC6.3 Creates or Modifies Access to Protected Information Assets point of focus.

Removes Access to Protected Information Assets

The Removes Access to Protected Information Assets point of focus requires you to demonstrate that processes are in place to remove access to protected information assets when an individual no longer requires access.

This section provides you with a link to the Alert Logic Get Started with Search page where you can search logs for message types related to removing user accounts and groups. You can use this information to demonstrate that there is a process to remove access to protected information assets.

This section includes a link to an Alert Logic Knowledge Base article that contains the recommended log search statements you can use on the Alert Logic Log Search page. You can use the log search statements to gather the supporting documentation that illustrates compliance with the CC6.3 Removes Access to Protected Information Assets point of focus.

Uses Role-Based Access Controls

The Uses Role-Based Access Controls point of focus requires you to demonstrate that role-based access control is utilized to support segregation of incompatible functions.

This section provides you with a link for quick access to a list of users in the Alert Logic console who have authorized access to security functions and access logs.

Reviews Access Roles and Rules

The Reviews Access Roles and Rules point of focus requires you to demonstrate that the appropriateness of access roles and access rules is reviewed on a periodic basis for unnecessary or inappropriate individuals with access, and that access rules are modified as appropriate.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.