💼 SI-4 System Monitoring (L)(M)(H)

  • Contextual name: 💼 SI-4 System Monitoring (L)(M)(H)
  • ID: /frameworks/fedramp-high-security-controls/si/04
  • Located in: 💼 System and Information Integrity

Description

a. Monitor the system to detect:

  1. Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and

  2. Unauthorized local, network, and remote connections;

b. Identify unauthorized use of the system through the following techniques and methods: [Assignment: organization-defined techniques and methods];

c. Invoke internal monitoring capabilities or deploy monitoring devices:

  1. Strategically within the system to collect organization-determined essential information; and

  2. At ad hoc locations within the system to track specific types of transactions of interest to the organization;

d. Analyze detected events and anomalies;

e. Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;

f. Obtain legal opinion regarding system monitoring activities; and

g. Provide [Assignment: organization-defined system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one-or-more): as needed; [Assignment: organization-defined frequency]].

SI-4 Additional FedRAMP Requirements and Guidance:

Guidance: See US-CERT Incident Response Reporting Guidelines.

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/si/04
  • Internal
    • ID: dec-c-d2e87396

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST SP 800-53 Revision 5 → 💼 SI-4 System Monitoring2526

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP Low Security Controls → 💼 SI-4 System Monitoring (L)(M)(H)7
💼 FedRAMP Moderate Security Controls → 💼 SI-4 System Monitoring (L)(M)(H)79

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SI-4(1) System-wide Intrusion Detection System (M)(H)11
💼 SI-4(2) Automated Tools and Mechanisms for Real-time Analysis (M)(H)
💼 SI-4(4) Inbound and Outbound Communications Traffic (M)(H)79
💼 SI-4(5) System-generated Alerts (M)(H)
💼 SI-4(10) Visibility of Encrypted Communications (H)
💼 SI-4(11) Analyze Communications Traffic Anomalies (H)
💼 SI-4(12) Automated Organization-generated Alerts (H)
💼 SI-4(14) Wireless Intrusion Detection (H)
💼 SI-4(16) Correlate Monitoring Information (M)(H)
💼 SI-4(18) Analyze Traffic and Covert Exfiltration (M)(H)
💼 SI-4(19) Risk for Individuals (H)
💼 SI-4(20) Privileged Users (H)4648
💼 SI-4(22) Unauthorized Network Services (H)
💼 SI-4(23) Host-based Devices (M)(H)

Policies (7)

Policy | Logic Count | Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢 | 1 | 🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢 | 1 | 🟢 x6
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢 | 1 | 🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢 | 1 | 🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢 | 1 | 🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢 | 1 | 🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢 | 1 | 🟢 x6

Internal Rules

Rule | Policies | Flags
✉️ dec-x-36ced3d1 | 1 |
✉️ dec-x-89d5ed7a | 1 |
✉️ dec-x-611eaa35 | 1 |
✉️ dec-x-850beea8 | 1 |
✉️ dec-x-b1e1a494 | 1 |
✉️ dec-x-db1b7a1b | 1 |
✉️ dec-z-3f480eb5 | 1 |