Include continuous security warning monitoring procedures in the internal control framework.


CONTROL ID: 01358
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an internal control framework., CC ID: 00820

This Control has the following implementation support Control(s):
  • Include incident alert thresholds in the continuous security warning monitoring procedures., CC ID: 13205


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • T41.3: The organization shall keep up with current trends in security technology and evaluate the compatibility, stability, and usability before implementing a security technology. T43.9: The organization shall keep up with the latest trends in security technologies used to connect to the Internet a… (T41.3, T43.9, T49.4, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • A bank needs to have robust monitoring processes in place to identify events and unusual activity patterns that could impact on the security of IT assets. The strength of the monitoring controls needs to be proportionate to the criticality of an IT asset. Alerts would need to be investigated in a ti… (Critical components of information security 17) i., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The organization should monitor sources for information about security patches and new vulnerabilities. (Control: 0297, Australian Government Information Security Manual: Controls)
  • Relevant sources should be continuously monitored for security alerts about new vulnerabilities that could affect the organization's systems. (§ 3.5.14, § 3.7.29, Australian Government ICT Security Manual (ACSI 33))
  • How does each policy "owner" stay current? (Table Row II.5, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the organization conduct cyber intelligence gathering? (Table Row III.1, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the cyber intelligence reporting include malicious code? (Table Row III.3, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the cyber intelligence reporting include geopolitical threats? (Table Row III.3, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the cyber intelligence reporting include known and unknown vulnerabilities? (Table Row III.3, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the cyber intelligence reporting include predictive analysis related to emerging cyber threats? (Table Row III.3, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the organization subscribe to alerts on the latest threats and vulnerabilities? (Table Row VII.14, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Verify that responsibility for monitoring and analyzing security alerts and distributing information to appropriate Information Security and business unit management personnel is formally assigned. (§ 12.5.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Interview responsible personnel to verify that processes are implemented to identify and rank new security vulnerabilities. (§ 6.2.a, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Examine the policies and procedures to verify there are defined processes for using reputable outside sources for gathering its security vulnerability information. (Testing Procedures § 6.1.a Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Interview responsible personnel and observe processes to verify that the processes used to identify new security vulnerabilities include using a reputable outside source for the vulnerability information. (Testing Procedures § 6.1.b Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Verify the responsibility for monitoring and analyzing security alerts and distributing the information to appropriate personnel has been formally assigned. (Testing Procedures § 12.5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Verify that responsibility for monitoring and analyzing security alerts and distributing information to appropriate information security and business unit management personnel is formally assigned. (§ 12.5.2 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Interview responsible personnel to verify that processes are implemented to identify and rank new security vulnerabilities. (§ 6.2.a Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • The Information Security policies and procedures must formally assign an individual or team the responsibility for monitoring for and analyzing security alerts and information, and distributing the information to the appropriate personnel. (PCI DSS Requirements § 12.5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Procedures should be in place to identify new security vulnerabilities via security information sources, such as security alert services, that can be subscribed to free over the Internet. These procedures should be applied to all software that comes with the payment application. (§ 7.1, Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1)
  • Examine documentation and observe incident response processes to verify that monitoring and responding to alerts from security monitoring systems are covered in the security incident response plan, including but not limited to the systems specified in this requirement. (12.10.5, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Are the information security management responsibilities for monitoring and analyzing security alerts and information, and distributing to appropriate personnel, formally assigned to an individual or a team? (PCI DSS Question 12.5.2, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Are the information security management responsibilities for monitoring and analyzing security alerts and information, and distributing to appropriate personnel, formally assigned to an individual or a team? (PCI DSS Question 12.5.2, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Local information security co-ordinators shall have up-to-date information related to Information Security issues (e.g., users' security requirements, emerging threats, and newly discovered vulnerabilities) and techniques (e.g., information risk assessment methodologies, forensic investigation softw… (CF.12.02.03e, The Standard of Good Practice for Information Security)
  • The information security function should gather and analyze internal and external intelligence information about emerging and changing threats (e.g., cybercrime, identity theft, spear phishing, and cyber-espionage attacks). (CF.01.02.06a, The Standard of Good Practice for Information Security)
  • The information security function should gather and analyze internal and external intelligence information about known vulnerabilities and exploits associated with key Operating Systems, applications, and other software (e.g., using vendor websites and mailing lists). (CF.01.02.06b, The Standard of Good Practice for Information Security)
  • Cybercrime-related intelligence relating to the development of attacks should be reviewed on a regular basis (e.g., by a cybercrime specialist and business representative) to determine the techniques used by criminals to perform cybercrime-related attacks (to help detect them). (CF.11.02.05c, The Standard of Good Practice for Information Security)
  • Local information security co-ordinators shall have up-to-date information related to Information Security issues (e.g., users' security requirements, emerging threats, and newly discovered vulnerabilities) and techniques (e.g., information risk assessment methodologies, forensic investigation softw… (CF.12.02.03e, The Standard of Good Practice for Information Security, 2013)
  • The information security function should gather and analyze internal and external intelligence information about emerging and changing threats (e.g., cybercrime, identity theft, spear phishing, and cyber-espionage attacks). (CF.01.02.06a, The Standard of Good Practice for Information Security, 2013)
  • The information security function should gather and analyze internal and external intelligence information about known vulnerabilities and exploits associated with key Operating Systems, applications, and other software (e.g., using vendor websites and mailing lists). (CF.01.02.06b, The Standard of Good Practice for Information Security, 2013)
  • Cybercrime-related intelligence relating to the development of attacks should be reviewed on a regular basis (e.g., by a cybercrime specialist and business representative) to determine the techniques used by criminals to perform cybercrime-related attacks (to help detect them). (CF.11.02.05c, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for system and software vulnerability management which specify the method of identifying the publication or discovery of technical vulnerabilities (e.g., in the public domain), in a timely manner. (CF.10.01.01b, The Standard of Good Practice for Information Security, 2013)
  • A formal process should be created for reviewing security alerts. (Action 1.1.1 ¶ 2, SANS Computer Security Incident Handling, Version 2.3.1)
  • The organization should connect the software inventory to the vulnerability / threat intelligence services, so vulnerable software can be fixed proactively. (Critical Control 2.4, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization should subscribe to services that will keep them up to date on emerging vulnerabilities. (Critical Control 4.4, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization should monitor for information about medical networks that are similar to yours. (§ 4.6.1 ¶ 2(d), Application of risk management for IT-networks incorporating medical devices Part 1: Roles, responsibilities and activities, Edition 1.0 2010-10)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Intelligence or threat warnings received from sources such as law enforcement, the Electric Reliability Organization (ERO), the Electricity Sector Information Sharing and Analysis Center (ES-ISAC), U.S. federal and/or Canadian governmental agencies, or their successors. (B. R4. 4.3., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-2, Version 2)
  • Does the information security function monitor significant changes in the exposure of information assets? (§ C.1.7, Shared Assessments Standardized Information Gathering Questionnaire - C. Organizational Security, 7.0)
  • Does the process of patching systems and applications include using third party alert services to keep up to date with the latest vulnerabilities? (§ I.3.5, Shared Assessments Standardized Information Gathering Questionnaire - I. Information Systems Acquisition Development & Maintenance, 7.0)
  • Technical security vulnerabilities should be reported to the appropriate individual(s). Confirmed vulnerabilities, along with solutions, should be distributed to all involved organizations. (§ 2-29, Army Regulation 380-19: Information Systems Security, February 27, 1998)
  • Business partner system security officers are recommended to subscribe to the DISA STIG-News mailing list (http://iase.disa.mil/help/mailing-list.html). (§ 3.10.2 ¶ 1, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Federal Bureau of Investigation Criminal Justice Information Services Division Information Security Officer shall be the Point Of Contact for distributing security alerts to the Information Security Officers. (§ 3.2.10(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The Federal Bureau of Investigation Criminal Justice Information Services Division shall serve as a central Clearinghouse for reported security alerts, security incidents, security bulletins, and other security-related material. (§ 5.3.1.1.1(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The Federal Bureau of Investigation Criminal Justice Information Services Division shall disseminate product security bulletins, security clips, virus bulletins, system threats, and Operating System vulnerabilities promptly by the use of the security policy resource center on fbi.gov. (§ 5.3.1.1.1(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall receive Information System security alerts and advisories on a regular basis. (§ 5.10.4.5(1), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall document the type of action to take in response to security alerts and advisories. (§ 5.10.4.5(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall take the appropriate actions in response to security alerts and advisories. (§ 5.10.4.5(4), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • Externally identified threats (e.g., cybersecurity alerts, pandemic alerts, or emergency warnings published by information-sharing organizations and government agencies). (App A Objective 1:4c, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • The organization should continuously monitor the federal and state warning systems. (Pg C-2, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)
  • The organization should maintain ongoing awareness for new security threats and vulnerabilities by joining information security mailing lists and other security sources. (Pg 28, FFIEC IT Examination Handbook - E-Banking, August 2003)
  • The service provider must define a list of security, monitoring, and/or system administration personnel, identified by role and/or name, who are to receive advisories, directives, and security alerts, including designated Federal Risk and Authorization Management Program personnel. (Column F: SI-5c, FedRAMP Baseline Security Controls)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., FedRAMP Security Controls High Baseline, Version 5)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., FedRAMP Security Controls Low Baseline, Version 5)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., FedRAMP Security Controls Moderate Baseline, Version 5)
  • The organization must monitor regularly for security alerts/advisories, ensure the appropriate individuals receive notice, and ensure any necessary actions are taken. (§ 5.6.16, Exhibit 4 SI-5, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
  • Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into member information systems; (§ 748 Appendix A. III.C.1.f., 12 CFR Part 748, NCUA Guidelines for Safeguarding Member Information, July 1, 2001)
  • Are industry advisories and vendor advisories monitored on a regular basis, and are appropriate actions taken to protect the Credit Union's information assets and member data? (IT - Security Program Q 21, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union monitor security alert organizations on a regular basis for notices about Wireless Local Area Network devices and Wireless Wide Area Network devices? (IT - WLANS Q 26, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Assign levels of significance to each vulnerability identified during a facility audit. (§ 4.10.1 Bullet 2, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, NIST SP 800-66, Revision 1)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • The organization should designate an individual to be responsible for tracking WLAN security vulnerabilities and wireless security trends. (Table 8-5 Item 57, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST SP 800-97, February 2007)
  • Certification, Accreditation, and Security Assessments (CA): Organizations must: (i) periodically assess the security controls in organizational information systems to determine if the controls are effective in their application; (ii) develop and implement plans of action designed to correct deficie… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Newly identified vulnerabilities are mitigated or documented as accepted risks. (RS.MI-3, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0)
  • Organizational records and documents should be examined to ensure the organization receives security alerts and advisories; the alerts and advisories are disseminated; appropriate actions are taken, if necessary; if any actions are taken, the date, time, and action taken are recorded; automated mech… (SI-5, SI-5(1), Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • The organization should appoint an individual to track new threats and vulnerabilities and new Bluetooth technology enhancements and standards to ensure Bluetooth devices continue to be secure. (Table 4-2 Item 31, Guide to Bluetooth Security, NIST SP 800-121, September 2008)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • § 6.1(Consider designating an individual) The organization should designate an individual to monitor advancements in IEEE 802.11 security standards and features and to monitor newly identified vulnerabilities and threats to the wireless network. § 6.3.5 Legacy IEEE 802.11 product vendors correct … (§ 6.1(Consider designating an individual), § 6.3.5, Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1)
  • Use the continuous monitoring data to make information security investment decisions to address persistent issues. (T1005, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • The organization must update the smart grid Information System vulnerability list on a defined frequency or when new vulnerabilities are identified. (SG.RA-6 Requirement 5, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must receive security alerts, security directives, and security advisories from external organizations. (SG.SI-5 Requirement 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must receive security alerts, advisories, and directives from external organizations regularly. (App F § SI-5.a, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must generate internal security alerts, advisories, and directives. (App F § SI-5.b, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Certain events can trigger the need to immediately assess the state of the Information System and could require the modification or updating of the security controls. Events include the following: any credible, newly identified, Information System related threat to assets, operations, individuals, o… (§ 3.4, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Use the continuous monitoring data to make information security investment decisions to address persistent issues. (T1005, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible … (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization receives information system security alerts, advisories, and directives from {organizationally documented external organizations} on an ongoing basis. (SI-5a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization generates internal security alerts, advisories, and directives as deemed necessary. (SI-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented personnel or roles}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented elements within the organization}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented external organizations}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance. (SI-5d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization establishes and institutionalizes contact with selected groups and associations within the security community to share current security-related information including threats, vulnerabilities, and incidents. (PM-15c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible … (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization receives information system security alerts, advisories, and directives from {organizationally documented external organizations} on an ongoing basis. (SI-5a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization generates internal security alerts, advisories, and directives as deemed necessary. (SI-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented personnel or roles}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented elements within the organization}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented external organizations}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance. (SI-5d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible … (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization receives information system security alerts, advisories, and directives from {organizationally documented external organizations} on an ongoing basis. (SI-5a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization generates internal security alerts, advisories, and directives as deemed necessary. (SI-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented personnel or roles}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented elements within the organization}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented external organizations}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance. (SI-5d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible … (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization receives information system security alerts, advisories, and directives from {organizationally documented external organizations} on an ongoing basis. (SI-5a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization generates internal security alerts, advisories, and directives as deemed necessary. (SI-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented personnel or roles}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented elements within the organization}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization disseminates security alerts, advisories, and directives to: {organizationally documented external organizations}. (SI-5c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance. (SI-5d. Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; (SI-4e., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., TX-RAMP Security Controls Baseline Level 1)
  • Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of inform… (SI-4e., TX-RAMP Security Controls Baseline Level 2)