💼 SI-4 INFORMATION SYSTEM MONITORING

• ID: /frameworks/nist-sp-800-53-r4/si/04

Description

The organization: SI-4a. Monitors the information system to detect: SI-4a.1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and SI-4a.2. Unauthorized local, network, and remote connections; SI-4b. Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; SI-4c. Deploys monitoring devices: SI-4c.1. Strategically within the information system to collect organization-determined essential information; and SI-4c.2. At ad hoc locations within the system to track specific types of transactions of interest to the organization; SI-4d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; SI-4e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; SI-4f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and SI-4g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Similar

• Internal
  • ID: dec-c-7b942c5d

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed		10	34		no data
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods		18	24		no data
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors		18	38		no data
💼 NIST CSF v1.1 → 💼 DE.AE-4: Impact of events is determined		13	14		no data
💼 NIST CSF v1.1 → 💼 DE.CM-1: The network is monitored to detect potential cybersecurity events		18	63		no data
💼 NIST CSF v1.1 → 💼 DE.CM-5: Unauthorized mobile code is detected		11	12		no data
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events		6	7		no data
💼 NIST CSF v1.1 → 💼 DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed		18	24		no data
💼 NIST CSF v1.1 → 💼 DE.DP-2: Detection activities comply with all applicable requirements		6	7		no data
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested		13	14		no data
💼 NIST CSF v1.1 → 💼 DE.DP-4: Event detection information is communicated		29	33		no data
💼 NIST CSF v1.1 → 💼 DE.DP-5: Detection processes are continuously improved		13	16		no data
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented		13	16		no data
💼 NIST CSF v1.1 → 💼 PR.DS-5: Protections against data leaks are implemented		47	91		no data
💼 NIST CSF v1.1 → 💼 PR.IP-8: Effectiveness of protection technologies is shared		6	7		no data
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated		18	24		no data
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans		16	18		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 SI-4 (1) SYSTEM-WIDE INTRUSION DETECTION SYSTEM					no data
💼 SI-4 (2) AUTOMATED TOOLS FOR REAL-TIME ANALYSIS					no data
💼 SI-4 (3) AUTOMATED TOOL INTEGRATION					no data
💼 SI-4 (4) INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC					no data
💼 SI-4 (5) SYSTEM-GENERATED ALERTS					no data
💼 SI-4 (6) RESTRICT NON-PRIVILEGED USERS					no data
💼 SI-4 (7) AUTOMATED RESPONSE TO SUSPICIOUS EVENTS					no data
💼 SI-4 (8) PROTECTION OF MONITORING INFORMATION					no data
💼 SI-4 (9) TESTING OF MONITORING TOOLS					no data
💼 SI-4 (10) VISIBILITY OF ENCRYPTED COMMUNICATIONS					no data
💼 SI-4 (11) ANALYZE COMMUNICATIONS TRAFFIC ANOMALIES					no data
💼 SI-4 (12) AUTOMATED ALERTS					no data
💼 SI-4 (13) ANALYZE TRAFFIC _ EVENT PATTERNS					no data
💼 SI-4 (14) WIRELESS INTRUSION DETECTION					no data
💼 SI-4 (15) WIRELESS TO WIRELINE COMMUNICATIONS					no data
💼 SI-4 (16) CORRELATE MONITORING INFORMATION					no data
💼 SI-4 (17) INTEGRATED SITUATIONAL AWARENESS					no data
💼 SI-4 (18) ANALYZE TRAFFIC _ COVERT EXFILTRATION					no data
💼 SI-4 (19) INDIVIDUALS POSING GREATER RISK					no data
💼 SI-4 (20) PRIVILEGED USERS					no data
💼 SI-4 (21) PROBATIONARY PERIODS					no data
💼 SI-4 (22) UNAUTHORIZED NETWORK SERVICES					no data
💼 SI-4 (23) HOST-BASED DEVICES					no data
💼 SI-4 (24) INDICATORS OF COMPROMISE					no data

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Google GCE Firewall Rule logging is disabled🟢	1	🟢 x6	no data