Common criteria 3.1 (COSO Principle 6)

The TSC common criteria CC3.1 states: “The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.” This means that the entity should monitor the effectiveness of internal controls over financial reporting on an ongoing basis. In other words, an entity should have a system in place to regularly assess the effectiveness of its internal controls, identify and address any deficiencies, and make necessary adjustments to ensure that the controls effectively achieve their intended objectives.

This principle is a major component of the COSO framework for internal control and is essential for ensuring the integrity of financial reporting within an entity.

The use case below shows how Wazuh assists in meeting this requirement.

Use case: Utilizing Wazuh detection and response capabilities for security monitoring

Wazuh includes several out-of-the-box modules that help meet the COSO Principle 6 CC3.1 requirement. These modules provide capabilities for vulnerability assessment, configuration assessment, threat intelligence, and regulatory compliance, among others. You can view the analysis from these modules on the Wazuh dashboard to identify and assess risks.

Using the Wazuh dashboard, you can review events and alerts generated across your environment.

Events and alerts review