Proceduralize Capacity and Availability Monitoring

WS08R2_MCA_00072 (ObjectTemplate)

Windows Server 2008 R2: Monitor assets for capacity and availability thresholds, alert when thresholds are exceeded, and respond to alerts as required by your organization’s incident management process.

Element properties:

Type: System.Compliance.ManualControlActivityProjection

Source Code:

<ObjectTemplate ID="WS08R2_MCA_00072" TypeID="GRCControl!System.Compliance.ManualControlActivityProjection">
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalName$">$MPElement[Name='GRC!System.Compliance.SourceNameEnum.MicrosoftCorporation']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalId$">WS08R2_MCA_00072</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalVersion$">1.0</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Type$">$MPElement[Name='GRCControl!System.Compliance.ControlActivity.TypeEnum.Detective']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Title$">Proceduralize Capacity and Availability Monitoring</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/DisplayName$">WS08R2_MCA_00072 Proceduralize Capacity and Availability Monitoring</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Description$">Windows Server 2008 R2: Monitor assets for capacity and availability thresholds, alert when thresholds are exceeded, and respond to alerts as required by your organization&#x2019;s incident management process.

</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ImplementationMethod$">This control requires your organization to maintain a procedure to monitor assets, generate alerts, and respond to alerts. The Windows Server Operating System Management Pack for Operations Manager can be used to monitor capacity thresholds in Windows servers and generate alerts when thresholds are exceeded. The Operations Manager alert connector to Service Manager&#x2019;s incident management feature can be used to respond to alerts. The following monitors and default thresholds from this management pack are used to meet this control&#x2019;s requirements:

Windows Server 2008 R2 Logical Disk
* Logical Disk Availability &#x2013; Unavailable
* Logical Disk Free Space &#x2013; High 10% or 200Mb, Low 5% or 100Mb
* Average Disk Seconds per Transfer &#x2013; 50 over 5 samples
* Logical Disk Fragmentation Level &#x2013; Warn at 10% file fragmentation level

Windows Server 2008 R2 Processor
* CPU DPC Time Percentage &#x2013; 15 or more over 5 samples
* CPU Percentage Interrupt Time &#x2013; 10 or more over 5 samples
* CPU Percentage Utilization &#x2013; 95% or more over 5 samples

Establish a manual procedure for monitoring these assets and responding to alerts. This procedure should address how your organization ensures that alerts are responded to in accordance with the organization's incident management process. Then manually assert whether this procedure is being followed within the organization for assets within the GRC program scope. Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule.

Procedure Steps
Replace the content in this field with a high-level summary of the procedure your organization executes for this control.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/AdditionalGuidance$">For more information, see:

"Windows Server Operating System Management Pack for Operations Manager 2007" at
www.microsoft.com/downloads/details.aspx?FamilyID=3529d233-5e3e-4b51-8f66-5d6f27005ec3&amp;DisplayLang=en

"System Center Service Manager" at www.microsoft.com/systemcenter/en/us/service-manager.aspx
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestSummary$">Manual Assertion

Manually assert whether the procedure has been sufficiently and reasonably performed since the last assertion.

Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule. Determine what personnel will make the manual assertion by asking the GRC program manager. Typically, this assertion will be made by an analyst who observes an IT professional that enacts the process.

Record the compliance state as an assertion within the GRC program with one of the following states: compliant, noncompliant, error, or unknown.

Manual Assertion Steps:

1. Open the Service Manager Console.
2. Click the Compliance and Risk Items Workspace.
3. Expand the Control Management folder, then the Control Activities folders and select the All Control Activities View.
4. In the Control Activities View, select control activities for which you want to add a result and in the Task pane select Edit Control Activity. Service Manager Console launches the Control Activity form with the selected control activity.
5. In the Control Activity form, in the Task pane, select the Add Result Console task. Service Manager Console launches the Select Template dialog.
6. Select one of the templates for the results (Compliant, Non-Compliant, Unknown or Error). The Result form will open with the Result set to the control activity template name (for example, Compliant means Result = Compliant, and so on). The owner field is populated with the current user name.
7. Select one of the programs from the Program Section before Results (OK button is enabled).
8. Save the results by clicking OK in the dialog. Service Manager Console creates a Number of Managed Entity Results per Configuration Item in Scope for the selected programs. Service Manager Console will close the Add Result dialog and create a relationship between the control activity and Managed Entity Result in the CMDB. The Control Activity form remains open and displays the updated control activity in the form.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestId$"/>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestName$"/>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/SupportedControlObjectives$">GRC_MCO_00080</Property>
</ObjectTemplate>