INFORMATION SECURITY MONITORING - 5335-JUN-2014
(Revised: 06/2014)
Policy: Each state entity is responsible for continuous monitoring of its networks and other information assets for signs of attack, anomalies, and suspicious or inappropriate activities.
Each state entity shall ensure:
- An event logging and monitoring strategy which provides for audit trails and auditability of events and appropriate segregation and separation of duties;
- Event logging and log monitoring are performed with sufficient regularity that signs of attack, anomalies, and suspicious or inappropriate activities are identified and acted upon in a timely manner;
- Sensors, agents, and security monitoring software are placed at strategic locations throughout the network;
- Situational awareness information from security monitoring and event correlation tools is monitored to identify events that require investigation and response; and
- Potential security events are reported immediately to the security incident response team.
Implementation Controls: NIST SP 800-53: Audit and Accountability (AU); Physical and Environmental Protection (PE); Risk Assessment (RA)