SI-4(13): Analyze Traffic / Event Patterns

Control Family:

System And Information Integrity

Parent Control:

SI-4: Information System Monitoring

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Lateral Movement

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-4(13): Analyze Traffic and Event Patterns

Control Statement

The organization:

Analyzes communications traffic/event patterns for the information system;
Develops profiles representing common traffic patterns and/or events; and
Uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and the number of false negatives.