💼 SI-4 System Monitoring

• ID: /frameworks/nist-sp-800-53-r5/si/04

Description

a. Monitor the system to detect:

1. Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and
2. Unauthorized local, network, and remote connections; b. Identify unauthorized use of the system through the following techniques and methods: [Assignment: organization-defined techniques and methods]; c. Invoke internal monitoring capabilities or deploy monitoring devices:
3. Strategically within the system to collect organization-determined essential information; and
4. At ad hoc locations within the system to track specific types of transactions of interest to the organization; d. Analyze detected events and anomalies; e. Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; f. Obtain legal opinion regarding system monitoring activities; and g. Provide [Assignment: organization-defined system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Similar

• Sections
  • /frameworks/aws-fsbp-v1.0.0/cloudtrail/04
  • /frameworks/aws-fsbp-v1.0.0/codebuild/04
  • /frameworks/aws-fsbp-v1.0.0/ec2/51
  • /frameworks/aws-fsbp-v1.0.0/eks/08
  • /frameworks/aws-fsbp-v1.0.0/guardduty/01
  • /frameworks/aws-fsbp-v1.0.0/macie/01
  • /frameworks/aws-fsbp-v1.0.0/macie/02
  • /frameworks/aws-fsbp-v1.0.0/mq/02
  • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
  • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
• Internal
  • ID: dec-c-a8e96a81

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.4] CloudTrail log file validation should be enabled		1	1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.8] EKS clusters should have audit logging enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [GuardDuty.1] GuardDuty should be enabled			1		no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.1] Amazon Macie should be enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.2] Macie automated sensitive data discovery should be enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MQ.2] ActiveMQ brokers should stream audit logs to CloudWatch					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.2] Network Firewall logging should be enabled					no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.3] Transfer Family connectors should have logging enabled					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 SI-4 System Monitoring (L)(M)(H)	14	50	56		no data
💼 FedRAMP Low Security Controls → 💼 SI-4 System Monitoring (L)(M)(H)			8		no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities			35		no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources			50		no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			145		no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events			35		no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events			142		no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			26		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			40		no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			41		no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			31		no data
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected			148		no data
💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected			125		no data
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected			142		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 SI-4(1) System Monitoring _ System-wide Intrusion Detection System			1		no data
💼 SI-4(2) System Monitoring _ Automated Tools and Mechanisms for Real-time Analysis			1		no data
💼 SI-4(3) System Monitoring _ Automated Tool and Mechanism Integration					no data
💼 SI-4(4) System Monitoring _ Inbound and Outbound Communications Traffic		1	2		no data
💼 SI-4(5) System Monitoring _ System-generated Alerts			2		no data
💼 SI-4(6) System Monitoring _ Restrict Non-privileged Users					no data
💼 SI-4(7) System Monitoring _ Automated Response to Suspicious Events					no data
💼 SI-4(8) System Monitoring _ Protection of Monitoring Information					no data
💼 SI-4(9) System Monitoring _ Testing of Monitoring Tools and Mechanisms					no data
💼 SI-4(10) System Monitoring _ Visibility of Encrypted Communications					no data
💼 SI-4(11) System Monitoring _ Analyze Communications Traffic Anomalies					no data
💼 SI-4(12) System Monitoring _ Automated Organization-generated Alerts			1		no data
💼 SI-4(13) System Monitoring _ Analyze Traffic and Event Patterns			1		no data
💼 SI-4(14) System Monitoring _ Wireless Intrusion Detection					no data
💼 SI-4(15) System Monitoring _ Wireless to Wireline Communications					no data
💼 SI-4(16) System Monitoring _ Correlate Monitoring Information					no data
💼 SI-4(17) System Monitoring _ Integrated Situational Awareness					no data
💼 SI-4(18) System Monitoring _ Analyze Traffic and Covert Exfiltration					no data
💼 SI-4(19) System Monitoring _ Risk for Individuals					no data
💼 SI-4(20) System Monitoring _ Privileged Users			5		no data
💼 SI-4(21) System Monitoring _ Probationary Periods					no data
💼 SI-4(22) System Monitoring _ Unauthorized Network Services			1		no data
💼 SI-4(23) System Monitoring _ Host-based Devices					no data
💼 SI-4(24) System Monitoring _ Indicators of Compromise					no data
💼 SI-4(25) System Monitoring _ Optimize Network Traffic Analysis			1		no data

Policies (3)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS GuardDuty is not enabled in all regions🟢	1	🟢 x6	no data
🛡️ Google GCE Subnetwork Flow Logs are not enabled🟢	1	🟢 x6	no data