
Monitor the organization's exposure to threats, as necessary.


CONTROL ID
06494
CONTROL TYPE
Monitor and Evaluate Occurrences
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a risk monitoring program., CC ID: 00658

This Control has the following implementation support Control(s):
  • Monitor and evaluate environmental threats., CC ID: 13481


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • The TRM function has a role to assist business units and IT functions in performing the technology risk management process which identifies, measures, monitors and controls technology-related risks. In addition, this function helps to ensure awareness of, and compliance with, the AI’s IT control p… (2.3.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • Monitoring and assessing the latest cybersecurity threats and attacks; (3.1. ¶ 1 (f), Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading)
  • Infrastructure and software analysis (Critical components of information security 22) iii. Bullet 8, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • System owners monitor each system, and associated cyber threats, security risks and controls, on an ongoing basis. (Control: ISM-1526; Revision: 2, Australian Government Information Security Manual, June 2023)
  • System owners monitor each system, and associated cyber threats, security risks and controls, on an ongoing basis. (Control: ISM-1526; Revision: 2, Australian Government Information Security Manual, September 2023)
  • The organization should monitor sources for information about security patches and new vulnerabilities. (Control: 0297, Australian Government Information Security Manual: Controls)
  • Timely identification and remediation of new threats (Attachment G Control Objective Row 13, APRA Prudential Practice Guide CPG 234 Information Security, June 2019)
  • An APRA-regulated entity must actively maintain its information security capability with respect to changes in vulnerabilities and threats, including those resulting from changes to information assets or its business environment. (17., Australian Prudential Regulation Authority Prudential Standard CPS 234 Information Security, CPS 234 – 1)
  • Financial institutions should ensure that they continuously monitor threats and vulnerabilities relevant to their business processes, supporting functions and information assets and should regularly review the risk scenarios impacting them. (3.3.3 21, Final Report EBA Guidelines on ICT and security risk management)
  • potential internal and external threats. (3.4.5 38(c), Final Report EBA Guidelines on ICT and security risk management)
  • A financial institution should appropriately monitor and mitigate risks deriving from their portfolio of ICT projects (programme management), considering also risks that may result from interdependencies between different projects and from dependencies of multiple projects on the same resources and/… (3.6.1 62, Final Report EBA Guidelines on ICT and security risk management)
  • Financial institutions should establish and implement processes and organisation structures to identify and constantly monitor security threats that could materially affect their abilities to provide services. Financial institutions should actively monitor technological developments to ensure that t… (3.4.5 39, Final Report EBA Guidelines on ICT and security risk management)
  • monitoring and analysing cyber threats, vulnerabilities and incidents at national level and, upon request, providing assistance to essential and important entities concerned regarding real-time or near real-time monitoring of their network and information systems; (Article 11 3 ¶ 1(a), DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
  • Financial entities shall monitor the effectiveness of the implementation of their digital operational resilience strategy set out in Article 6(8). They shall map the evolution of ICT risk over time, analyse the frequency, types, magnitude and evolution of ICT-related incidents, in particular cyber-a… (Art. 13.4., Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • The IT systems which the cloud provider uses for the development and rendering of the cloud service are checked automatically for known vulnerabilities at least once a month. In the event of deviations from the expected configurations (for example, the expected patch level), the reasons for this are … (Section 5.6 RB-21 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Important: If relevant threats are not considered, this may produce gaps in the resulting security concept. If in doubt a careful analysis of whether and (if so) which threats may still be missing should therefore be performed. For this, it is often advisable to rely on external consulting services. (§ 4.2 ¶ 9, The Federal Office for Information Security, BSI-Standard 200-3, Risk Analysis based on IT-Grundschutz, Version 1.0)
  • For user-defined modules, the threats must be checked at regular intervals and evaluated again. Since the target objects covered by user-defined modules exceed the normal application of the IT-Grundschutz Compendium, the activities for monitoring risks described here must be taken into consideration… (§ 6.2 ¶ 4, The Federal Office for Information Security, BSI-Standard 200-3, Risk Analysis based on IT-Grundschutz, Version 1.0)
  • Measures for limiting the impact of threats are identified and implemented. (3.1.2 Requirements (must) Bullet 3, Information Security Assessment, Version 5.1)
  • Does the organization have an asset based threat profile? (Table Row I.17, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the policy management software map the threat intelligence to the protected assets of the organization? (Table Row II.18, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the penetration testing describe threats in terms of who, how, and when? (Table Row X.3.a, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Ensure monitoring is targeted to detect and deter major incidents. (§ 6, A Ten Step Process for Forensic Readiness)
  • Identify new or changing threats or compliance standards and updates needed; include in annual update. (§ 4 ¶ 4 Bullet 2, Information Supplement: Best Practices for Implementing a Security Awareness Program, Version 1.0)
  • Interview personnel to verify that evolving malware threats are monitored and evaluated to confirm if systems that are not commonly affected by malicious software continue to not require anti-virus software. (Testing Procedures § 5.1.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Interview responsible personnel and examine the penetration testing procedures to verify they include reviewing and considering all threats and vulnerabilities experienced over the last 12 months. (Testing Procedures § 11.3 Bullet 7, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • A penetration testing methodology must be implemented that includes reviewing and considering the threats and vulnerabilities experienced during the last 12 months. (Note: this is a Best Practice and will become a requirement after June 30, 2015. The v2.0 penetration testing requirements must be fol… (PCI DSS Requirements § 11.3 Bullet 7, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Implement a methodology for penetration testing that includes the following: - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network … (11.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Implement a methodology for penetration testing that includes the following: - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network … (11.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Implement a methodology for penetration testing that includes the following: - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network … (11.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability… (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability… (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability … (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability … (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability … (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • For public-facing web applications, are new threats and vulnerabilities addressed on an ongoing basis, and are these applications protected against known attacks by applying either of the following methods? - Reviewing public-facing web applications via manual or automated application vulnerability … (6.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Does the penetration-testing methodology include the following? - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical systems - Includes testing from both inside and outside the network - Includes te… (11.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Examine penetration-testing methodology and interview responsible personnel to verify a methodology is implemented that includes the following: - Is based on industry-accepted penetration testing approaches (for example, NIST SP800-115) - Includes coverage for the entire CDE perimeter and critical s… (11.3, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • The high-level working group, committee, or equivalent body should ensure the ongoing effectiveness of information security arrangements by monitoring the organization's exposure to Information Security threats. (SG.01.02.07b-2, The Standard of Good Practice for Information Security)
  • The patch management process should help relevant managers to discover software vulnerabilities as soon as they become known (e.g., by working with software vendors and monitoring announcements by security research organisations or equivalent). (CF.10.01.05a, The Standard of Good Practice for Information Security)
  • Malware protection should include monitoring external intelligence sources (e.g., media and security vendors) about new malware threats. (CF.10.02.05b, The Standard of Good Practice for Information Security)
  • System / network monitoring activities should be conducted to help identify the creation of back doors that provide unauthorized privileged access to business applications, Information Systems, and networks at a later time. (CF.10.05.08f, The Standard of Good Practice for Information Security)
  • There should be a Process for dealing with vulnerabilities in network devices, which includes monitoring them for vulnerabilities (e.g., by tracking Computer Emergency Response Team alerts, vendor websites and mailing lists, subscribing to a vulnerability notification service, or running vulnerabili… (CF.09.01.06a, The Standard of Good Practice for Information Security)
  • Threats relating to exploitation of information should be mitigated by monitoring online forums for details of stolen information (e.g., the sale of stolen credit card numbers). (CF.11.02.07a, The Standard of Good Practice for Information Security)
  • Malware protection should include monitoring external intelligence sources (e.g., media and security vendors) about new malware threats. (CF.10.02.05b, The Standard of Good Practice for Information Security, 2013)
  • System / network monitoring activities should be conducted to help identify the creation of back doors that provide unauthorized privileged access to business applications, Information Systems, and networks at a later time. (CF.10.05.08f, The Standard of Good Practice for Information Security, 2013)
  • There should be a Process for dealing with vulnerabilities in network devices, which includes monitoring them for vulnerabilities (e.g., by tracking Computer Emergency Response Team alerts, vendor websites and mailing lists, subscribing to a vulnerability notification service, or running vulnerabili… (CF.09.01.06a, The Standard of Good Practice for Information Security, 2013)
  • Threats relating to exploitation of information should be mitigated by monitoring online forums for details of stolen information (e.g., the sale of stolen credit card numbers). (CF.11.02.07a, The Standard of Good Practice for Information Security, 2013)
  • The high-level working group, committee, or equivalent body should ensure the ongoing effectiveness of information security arrangements by promoting timely decision-making about information risk by monitoring the organization's exposure to current and emerging information security threats (e.g., th… (SG.01.02.07c, The Standard of Good Practice for Information Security, 2013)
  • The high-level working group should ensure the ongoing effectiveness and efficiency of information security arrangements by reviewing threat intelligence and making recommendations to the governing body (where appropriate) on how to respond to new and changing threats. (SG.01.02.07b, The Standard of Good Practice for Information Security, 2013)
  • The patch management process should help relevant managers to discover software vulnerabilities as soon as they become known (e.g., by working with software vendors and monitoring announcements by security research organisations or equivalent). (CF.10.01.04c, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures for system and software vulnerability management which specify the need to scan business applications, information systems and network devices for system and software vulnerabilities. (CF.10.01.01c, The Standard of Good Practice for Information Security, 2013)
  • The network inventory monitoring tools should be operational and continuously monitoring, and should keep the inventory up-to-date, look for deviations from the expected inventory, and alert appropriate personnel when deviations are discovered. (Critical Control 1.4, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The vulnerability scanning tool should compare the services that are listening on each machine with the list of authorized services and identify changes over time for authorized services and unauthorized services. (Critical Control 4.9, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization shall establish and maintain a process to monitor the medical network for emerging risks. (§ 4.6.1 ¶ 1, Application of risk management for IT-networks incorporating medical devices Part 1: Roles, responsibilities and activities, Edition 1.0 2010-10)
  • The organization shall continuously monitor the system for new risks and risk sources. (§ 6.3.4.3(e)(3), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
  • The purpose of monitoring and review is to assure and improve the quality and effectiveness of process design, implementation and outcomes. Ongoing monitoring and periodic review of the risk management process and its outcomes should be a planned part of the risk management process, with responsibil… (§ 6.6 ¶ 1, ISO 31000 Risk management - Guidelines, 2018)
  • treating and monitoring risks using the approach described in 6.1.3. (Section 8.1 ¶ 1 bullet 4, ISO/IEC 19770-1, Information technology — IT asset management — Part 1: IT asset management systems — Requirements, Third Edition, 2017-12)
  • Members should also document and implement reasonable procedures to detect potential threats. These steps may include utilizing network monitoring software, watching for the presence on the Member's physical premises of unauthorized users and becoming members of threat/data sharing organizations suc… (Information Security Program Bullet 3 Deployment of Protective Measures Against the Identified Threats and Vulnerabilities ¶ 2, 9070 - NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs)
  • Establish and maintain a cyber threat hunting capability to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade existing controls. (SA.4.171, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Establish and maintain a cyber threat hunting capability to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade existing controls. (SA.4.171, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Threat actors frequently have used social engineering and other techniques to deceive customer call center and IT help desk representatives into resetting passwords and other credentials, thereby granting threat actors access to information systems, user and customer accounts, or confidential inform… (Section 8 ¶ 1, Authentication and Access to Financial Institution Services and Systems)
  • Determine whether the BCP addresses management monitoring of alert systems that provide information regarding the threat and progression of a pandemic. Further, determine if the plan provides for escalating responses to the progress or particular stages of an outbreak. (TIER I OBJECTIVES AND PROCEDURES BCP - Pandemic Issues Objective 8:5, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Threat information is used to monitor threats and vulnerabilities. (Domain 2: Assessment Factor: Threat Intelligence, THREAT INTELLIGENCE AND INFORMATION Baseline 1 ¶ 2, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Information security threats are gathered and shared with applicable internal employees. (Domain 2: Assessment Factor: Information Sharing, INFORMATION SHARING Baseline 1 ¶ 1, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Defining threat monitoring policies that provide for both continual and ad hoc monitoring of communications and systems, effective incident detection and response, and the use of monitoring reports in subsequent legal proceedings. (App A Objective 8.4.a, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • A process to adequately identify and monitor relevant external threats and vulnerabilities. (App A Objective 13:7 a., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Limits on the level of acceptable risk exposure that management and the board are willing to assume. (AppE.7 Objective 6:1 a., FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Approaches, personnel, and documentation are in place to regularly identify and track existing, unanticipated, and emergent AI risks based on factors such as intended and actual performance in deployed contexts. (MEASURE 3.1, Artificial Intelligence Risk Management Framework, NIST AI 100-1)
  • Monitor risk. Monitor risk exposure and the effectiveness of mitigating risk on an ongoing basis, including tracking changes to an information system or supply chain using effective enterprise communications and a feedback loop for continuous improvement. (2. ¶ 1 Bullet 4, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1)
  • Detect, track, and disrupt threats that evade existing controls; and (RA-10a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence. (PM-16 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Detect, track, and disrupt threats that evade existing controls; and (RA-10a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence. (PM-16 Control, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Detect, track, and disrupt threats that evade existing controls; and (RA-10a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Employ [Assignment: organization-defined sources of threat intelligence] as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities. (3.11.1e, Enhanced Security Requirements for Protecting Controlled Unclassified Information, NIST SP 800-172)
  • The organization implements a threat awareness program that includes a cross-organization information-sharing capability. (PM-16 Control:, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures. (T0683, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Monitor and report on validated threat activities. (T0749, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Work with organizational risk analysts to ensure that continuous monitoring reporting covers appropriate levels of the organization. (T0974, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • The organization must monitor and evaluate the smart grid Information System on a defined frequency to identify any vulnerabilities that might affect the system security. (SG.RA-6 Requirement 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • Monitor and report on validated threat activities. (T0749, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Work with organizational risk analysts to ensure that continuous monitoring reporting covers appropriate levels of the organization. (T0974, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization implements a threat awareness program that includes a cross-organization information-sharing capability. (PM-16, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization implements a threat awareness program that includes a cross-organization information-sharing capability. (PM-16 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Detect, track, and disrupt threats that evade existing controls; and (RA-10a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence. (PM-16 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Detect, track, and disrupt threats that evade existing controls; and (RA-10a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence. (PM-16 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization implements a threat awareness program that includes a cross-organization information-sharing capability. (PM-16 Control:, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)