- What is GPG 13 compliance?
- How can you comply with GPG 13?
- Who is expected to follow GPG 13?
- Related content
- Discover the simplified approach to GPG 13 compliance with EventLog Analyzer
- How does EventLog Analyzer meet GPG 13 requirements?
- Related solutions offered by EventLog Analyzer
What is GPG 13 compliance?
The Good Practice Guide 13 (GPG 13) is a framework with 12 protective monitoring controls (PMCs) for all His Majesty's Government (HMG) organizations. It is defined by the Communications-Electronics Security Group , Britain’s information assurance authority. When it comes to user access to networks and systems, GPG 13 requires organizations to record:
- Unauthorized application access.
- File access attempts to sensitive information.
- Successful logins and logouts.
- Unsuccessful logins and logouts.
- Privileged system changes (e.g., account management, policy changes, device configuration).
- Logs for at least six months.
How can you comply with GPG 13?
Compliance with GPG 13 is crucial for organizations dealing with sensitive data and connected to government networks. It helps protect privacy, prevent data breaches, and enhance overall cybersecurity. To comply with GPG 13, you need to implement all 12 PMCs. While adhering to GPG13 may be difficult for organizations facing constraints such as limited resources or small IT security teams, it is necessary to ensure the security and integrity of critical systems and sensitive information.
Who is expected to follow GPG 13?
Although the regulatory directives of GPG 13 primarily target HMG departments and agencies, service providers may also be obligated to adhere to it. Service providers that have access to government data are also expected to meet GPG 13's stipulated obligations.
Related content
Discover the simplified approach to GPG 13 compliance with EventLog Analyzer
Log management
EventLog Analyzer is a log monitoring solution that collects logs from various log sources present in your network environment, like Windows systems, Unix/Linux systems, applications, databases, firewalls, routers, switches, and IDS/IPS. The solution also monitors Windows devices, workstations, servers, and operating systems to conduct in-depth auditing and generate reports that can help you comprehend security logs . This feature will help you record logs from all network connections, which helps you meet PMC 6.
File integrity monitoring
File integrity monitoring secures your organization's data from unauthorized and unwanted modifications, security threats, and breaches. It keeps track of any changes made to files or folders in real time to detect any security incidents quickly and generate alerts to the relevant stakeholder , who can then review the issue and take the necessary steps to resolve it. You can also keep tabs on changes to security privileges, such as permissions, ownership, and others, with the FIM module to comply with PMC 4.
User session monitoring
It's important to monitor user activity, as threats can come from internal or external users. EventLog Analyzer's user session monitoring feature helps detect any data misuse by monitoring user activity on the network. It tracks your users' real-time activities and also provides exhaustive reports of all user activities, like user logons, user logoffs, failed logons, or user account changes, that took place after the user logged in. This feature facilitates the recording of user and workstation session activities (PMC 7), as well as detecting suspicious internal network activities (PMC 5).
Incident response
EventLog Analyzer offers a real-time alerts feature with 500 predefined alert criteria or the option of building custom alert profiles tailored to your specific needs. You organization can be alerted of any suspicious event with notifications via email or SMS, helping you meet PMC 9.
Along with real-time alerts, EventLog Analyzer's automated incident response takes the necessary steps to reduce the impact of the attack right after a security incident, before the alerted security personnel takes a closer look. The incident response module has multiple built-in workflows, allowing organizations to save a great deal of time responding to incidents while also minimizing or eliminating potential damage.
How does EventLog Analyzer meet GPG 13 requirements?
| Requirement | How EventLog Analyzer helps with compliance | EventLog Analyzer reports/features |
|---|---|---|
| PMC 1 Accurate time stamp |
Prevents anyone from tampering with log timestamps. | S ecure log storage. |
| PMC 2 Recording of business traffic crossing a boundary |
Records traffic that passes through IIS and Apache web servers in the PMC 2 reports. |
|
| PMC 3 Recording of suspicious activity at the boundary |
Displays all connections that have been denied and possible attacks on network perimeter devices in the PMC 3 reports. |
|
| PMC 4 Recording of internal workstation, server, or device status |
Detects and records any suspicious activity, including configuration changes, privileged access, unexpected system and application restarts, software installation, removable media insertion and removal, and sensitive file access. |
|
| PMC 5 Recording of suspicious internal network activity |
Records policy changes and helps identify if an inside user is carrying out malicious activity. |
|
| PMC 6 Recording of network connections |
Records all Windows, Unix, and network perimeter device logons. |
|
| PMC 7 Recording of session activity of users and workstations |
Tracks entire user sessions from logon to logoff, including details of their activity during the session. |
|
| PMC 8 Recording of data backup status |
Records failed backups and restoration events. |
|
| PMC 9 Alerting when critical events occur |
Sends real-time alerts via email and SMS when any anomalous activity happens in the network. A program can be assigned to run when an alert is generated. | The incident response and management console alerts the users when critical events occur. |
| PMC 10 Reporting on the status of the audit system |
Tracks the clearing of all security logs and event logs. |
|
| PMC 11 Production of sanitized and statistical management reports |
Offers a highly customizable reporting function. Admins can configure existing reports to suit their specific requirements or create new ones. | All predefined reports can be customized and scheduled. |
| PMC 12 Providing a legal framework for protective monitoring activities |
Ensures that all data is collected and analyzed for forensic validity. | Centrally collects, archives, searches, analyzes, and correlates machine-generated logs obtained from heterogeneous systems, network devices, and applications and generates forensic reports. |
Related solutions offered by EventLog Analyzer:
Privileged user monitoring
Track privileged user accounts and detect any suspicious events like unauthorized logons, logon failures, user account changes, user group changes, audit logs cleared, audit policy changes, and access attempts during non-working hours. EventLog Analyzer also provides reports that help to identify user behavior that may indicate privilege abuse. Learn more
Log archiving
With help of EventLog Analyzer, archive all collected logs and automatically store them securely after the retention period is complete. By configuring the retention period details in EventLog Analyzer, you can adhere to GPG 13, which requires logs to be retained for at least six months. Learn more
Log forensic analysis
EventLog Analyzer's forensic analysis feature provides organizations with the capabilities necessary to conduct in-depth investigations into security incidents and identify root causes. Learn more
Application auditing
Audit all your critical application servers like Apache, IIS, SQL, and other custom applications. The tool collects, analyzes, and correlates any application logs and provides actionable insights about network events. Learn more