💼 SI-4 System Monitoring

Description

a. Monitor the system to detect:
   1. Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [Assignment: organization-defined monitoring objectives]; and
   2. Unauthorized local, network, and remote connections;
b. Identify unauthorized use of the system through the following techniques and methods: [Assignment: organization-defined techniques and methods];
c. Invoke internal monitoring capabilities or deploy monitoring devices:
   1. Strategically within the system to collect organization-determined essential information; and
   2. At ad hoc locations within the system to track specific types of transactions of interest to the organization;
d. Analyze detected events and anomalies;
e. Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation;
f. Obtain legal opinion regarding system monitoring activities; and
g. Provide [Assignment: organization-defined system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/04
    • /frameworks/aws-fsbp-v1.0.0/codebuild/04
    • /frameworks/aws-fsbp-v1.0.0/ec2/51
    • /frameworks/aws-fsbp-v1.0.0/eks/08
    • /frameworks/aws-fsbp-v1.0.0/guardduty/01
    • /frameworks/aws-fsbp-v1.0.0/macie/01
    • /frameworks/aws-fsbp-v1.0.0/macie/02
    • /frameworks/aws-fsbp-v1.0.0/mq/02
    • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
    • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
  • Internal
    • ID: dec-c-a8e96a81

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.4] CloudTrail log file validation should be enabled 11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.8] EKS clusters should have audit logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [GuardDuty.1] GuardDuty should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.1] Amazon Macie should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Macie.2] Macie automated sensitive data discovery should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MQ.2] ActiveMQ brokers should stream audit logs to CloudWatch
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.2] Network Firewall logging should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.3] Transfer Family connectors should have logging enabled

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 SI-4 System Monitoring (L)(M)(H) 144851
💼 FedRAMP Low Security Controls → 💼 SI-4 System Monitoring (L)(M)(H) 7
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities 26
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources 26
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events 83
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events 27
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events 89
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 24
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded 22
💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected 82
💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected 69
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected 67

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SI-4(1) System Monitoring | System-wide Intrusion Detection System
💼 SI-4(2) System Monitoring | Automated Tools and Mechanisms for Real-time Analysis
💼 SI-4(3) System Monitoring | Automated Tool and Mechanism Integration
💼 SI-4(4) System Monitoring | Inbound and Outbound Communications Traffic 22
💼 SI-4(5) System Monitoring | System-generated Alerts
💼 SI-4(6) System Monitoring | Restrict Non-privileged Users
💼 SI-4(7) System Monitoring | Automated Response to Suspicious Events
💼 SI-4(8) System Monitoring | Protection of Monitoring Information
💼 SI-4(9) System Monitoring | Testing of Monitoring Tools and Mechanisms
💼 SI-4(10) System Monitoring | Visibility of Encrypted Communications
💼 SI-4(11) System Monitoring | Analyze Communications Traffic Anomalies
💼 SI-4(12) System Monitoring | Automated Organization-generated Alerts
💼 SI-4(13) System Monitoring | Analyze Traffic and Event Patterns
💼 SI-4(14) System Monitoring | Wireless Intrusion Detection
💼 SI-4(15) System Monitoring | Wireless to Wireline Communications
💼 SI-4(16) System Monitoring | Correlate Monitoring Information
💼 SI-4(17) System Monitoring | Integrated Situational Awareness
💼 SI-4(18) System Monitoring | Analyze Traffic and Covert Exfiltration
💼 SI-4(19) System Monitoring | Risk for Individuals
💼 SI-4(20) System Monitoring | Privileged Users 3
💼 SI-4(21) System Monitoring | Probationary Periods
💼 SI-4(22) System Monitoring | Unauthorized Network Services
💼 SI-4(23) System Monitoring | Host-based Devices
💼 SI-4(24) System Monitoring | Indicators of Compromise
💼 SI-4(25) System Monitoring | Optimize Network Traffic Analysis

Policies (1)

Policy | Logic Count | Flags
📝 AWS CloudTrail Log File Validation is not enabled 🟢 1 🟢 x6