SI-4(16): Correlate Monitoring Information

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization correlates information from monitoring tools employed throughout the information system.

Supplemental Guidance

Correlating information from different monitoring tools can provide a more comprehensive view of information system activity. The correlation of monitoring tools that usually work in isolation (e.g., host monitoring, network monitoring, anti-virus software) can provide an organization-wide view and in so doing, may reveal otherwise unseen attack patterns. Understanding the capabilities/limitations of diverse monitoring tools and how to maximize the utility of information generated by those tools can help organizations to build, operate, and maintain effective monitoring programs.