DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Monitor email, web, file sharing, collaboration services, and other common attack vectors to detect malware, phishing, data leaks and exfiltration, and other adverse events

Ex2: Monitor authentication attempts to identify attacks against credentials and unauthorized credential reuse

Ex3: Monitor software configurations for deviations from security baselines

Ex4: Monitor hardware and software for signs of tampering

Ex5: Use technologies with a presence on endpoints to detect cyber health issues (e.g., missing patches, malware infections, unauthorized software), and redirect the endpoints to a remediation environment before access is authorized

