SI-4(7): Automated Response to Suspicious Events

Control Family:

System and Information Integrity

Parent Control:

SI-4: System Monitoring

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

  1. Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and
  2. Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].

Supplemental Guidance

Least-disruptive actions include initiating requests for human responses.

Related Controls

Critical Security Controls Version 7.1