The DCF-86 (Operational Audit) is not monitored in Drata for SOC 2, ISO 27001:2013, ISO 27001:2022, and HIPAA. Go to Example Evidence for Not Monitored Controls (SOC 2, ISO 27001, HIPAA) for more information.
ASSOCIATED DRATA CONTROL
This test is part of the Operational Audit control that ensures your company cloud infrastructure is monitored through an operational audit system that sends alerts to appropriate personnel.
WHAT TO DO IF A TEST FAILS
If Drata finds that the operational auditing system is either disabled or that no alert rulesets are configured the test will fail.
To remediate a failed test, you will need to enable the operational auditing system and configure one or more rulesets to trigger alerts to the appropriate personnel.