SOC-CMM forum

Which extensions should be done to the process domain?
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM process domain. Which additions should be considered?

Hi Rob,
There are 2 additional components which I think should be included under Process Domain - 1. SOC Management 1.3
Probably as 1.3.11 and 1.3.12.

1.3.11 Data on-boarding procedure: Procedure for intake, evaluation and move-to-production for requests for new security devices.
For example, an organization has newly deployed a Web Application FW, so we need a procedure to define how to parse the logs, normalize, use cases, correlation, etc.

1.3.12 Data off-loading procedure: procedure to remove existing security devices due to decommissioning.

What do you think?

Hi Darren,

Thanks for the suggestion. I think that data onboarding is something that should be part of SOC services, rather than SOC management. SOC management is committed to onboarding or offloading services; service management is committed to onboarding or offloading new data sources. So I would put this under each and every one of the services. Most likely under x.2.y, as a separate element of the required service documentation. It could be considered part of 'have you created a set of procedures', but I think it's worthwhile making it more concrete.

Some thoughts on SOC Management Processes:
Organisational Document maintenance - the regular review of accuracy of network, business and threat model type docs
SOC induction processes

I couldn't see these in the section...

Hi Simon,

Thank you for your feedback.

Document maintenance is indeed not mentioned. Under Process --> operations & facilities, section 2.5 goes into document management but does not mention regular updates of the information in those systems. The SOC-CMM for CERT more explicitly mentions such information, so I'll take this with me in a next iteration.

The SOC induction is mentioned in the people domain, under 3.6. This is what is meant with the 'new hire' process.