Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: SI-FAMILY: SYSTEM AND INFORMATION INTEGRITY

SI-4(7) INFORMATION SYSTEM MONITORING  |  AUTOMATED RESPONSE TO SUSPICIOUS EVENTS
Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

si-4(7)

information system monitoring  | automated response to suspicious events

 

assessment objective:

Determine if:

si-4(7)[1]

the organization defines incident response personnel (identified by name and/or by role) to be notified of detected suspicious events;

si-4(7)[2]

the organization defines least-disruptive actions to be taken by the information system to terminate suspicious events;

si-4(7)[3]

the information system notifies organization-defined incident response personnel of detected suspicious events; and

si-4(7)[4]

the information system takes organization-defined least-disruptive actions to terminate suspicious events.

potential assessment methods and objects:

Examine: [select from: System and information integrity policy; procedures addressing information system monitoring tools and techniques; information system design documentation; information system monitoring tools and techniques documentation; information system configuration settings and associated documentation; alerts/notifications generated based on detected suspicious events; records of actions taken to terminate suspicious events; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developers; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel with responsibility for monitoring the information system; organizational personnel with responsibility for the intrusion detection system].

Test: [select from: Organizational processes for intrusion detection/information system monitoring; automated mechanisms supporting and/or implementing intrusion detection/information system monitoring capability; automated mechanisms supporting and/or implementing notifications to incident response personnel; automated mechanisms supporting and/or implementing actions to terminate suspicious events].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056