13.1: Centralize Security Event Alerting

CSF v2.0 References:

Group:

Previous Version:

Control Statement

Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]