Navigate

CCI-001253

CCI-001253 Definition

The organization defines the objectives of monitoring for attacks and indicators of potential attacks on the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the monitoring objectives as sensor placement and monitoring requirements within CJCSI 6510.01F.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the monitoring objectives as sensor placement and monitoring requirements within CJCSI 6510.01F.

Compelling Evidence

Automatically compliant per CJCSI 6510.01F.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001253.

Control	Description
SI-4	The organization: SI-4a.: Monitors the information system to detect: SI-4a.1.: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and SI-4a.2.: Unauthorized local, network, and remote connections; SI-4b.: Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; SI-4c.: Deploys monitoring devices: SI-4c.1.: Strategically within the information system to collect organization-determined essential information; and SI-4c.2.: At ad hoc locations within the system to track specific types of transactions of interest to the organization; SI-4d.: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; SI-4e.: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; SI-4f.: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and SI-4g.: Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Control

Description

SI-4

The organization:

SI-4a.: Monitors the information system to detect:
- SI-4a.1.: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and
- SI-4a.2.: Unauthorized local, network, and remote connections;

SI-4b.: Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods];

SI-4c.: Deploys monitoring devices:
- SI-4c.1.: Strategically within the information system to collect organization-determined essential information; and
- SI-4c.2.: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

SI-4d.: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;

SI-4e.: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;

SI-4f.: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and

SI-4g.: Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].