💼 SI-4 System Monitoring (L)(M)(H)
- ID:
/frameworks/fedramp-moderate-security-controls/si/04
Description
a. Monitor the system to detect:
-
Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and
-
Unauthorized local, network, and remote connections;
b. Identify unauthorized use of the system through the following techniques and methods: [Assignment: organization-defined techniques and methods];
c. Invoke internal monitoring capabilities or deploy monitoring devices:
-
Strategically within the system to collect organization-determined essential information; and
-
At ad hoc locations within the system to track specific types of transactions of interest to the organization;
d. Analyze detected events and anomalies;
e. Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;
f. Obtain legal opinion regarding system monitoring activities; and
g. Provide [Assignment: organization-defined system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one-or-more): as needed; [Assignment: organization-defined frequency]].
SI-4 Additional FedRAMP Requirements and Guidance:
Guidance: See US-CERT Incident Response Reporting Guidelines.
Similar
- Sections
/frameworks/fedramp-high-security-controls/si/04
- Internal
- ID:
dec-c-d2e87396
- ID:
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SI-4 System Monitoring (L)(M)(H) | 14 | 50 | 56 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 SI-4(1) System-wide Intrusion Detection System (M)(H) | 2 | no data | |||
| 💼 SI-4(2) Automated Tools and Mechanisms for Real-time Analysis (M)(H) | 1 | no data | |||
| 💼 SI-4(4) Inbound and Outbound Communications Traffic (M)(H) | 8 | no data | |||
| 💼 SI-4(5) System-generated Alerts (M)(H) | 2 | no data | |||
| 💼 SI-4(16) Correlate Monitoring Information (M)(H) | no data | ||||
| 💼 SI-4(18) Analyze Traffic and Covert Exfiltration (M)(H) | no data | ||||
| 💼 SI-4(23) Host-based Devices (M)(H) | no data |
Policies (8)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS CloudTrail Log File Validation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS GuardDuty is not enabled in all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Auditing is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢 | 1 | 🟢 x6 | no data |