SI-4(7): Automated Response to Suspicious Events
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SI-4(7): Automated Response To Suspicious Events
Control Statement
- Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and
- Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].
Supplemental Guidance
Least-disruptive actions include initiating requests for human responses.