Navigate

CCI-001257

CCI-001257 Definition

Adjust the level of system monitoring activity when there is a change in increased risk to organizational operations and assets, individuals, other organizations, or the Nation.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to heighten the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information.

Compelling Evidence

1.) Signed and dated system security plan that documents how information system monitors for increased risk activity (what sources it draws from ) and how it responds with a heightened monitoring.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001257.

Control	Description
SI-4	The organization: a: Monitors the information system to detect: 1: Attacks and indicators of potential attacks in accordance with [one of ]; and 2: Unauthorized local, network, and remote connections; b: Identifies unauthorized use of the information system through [one of ]; c: Deploys monitoring devices: 1: Strategically within the information system to collect organization-determined essential information; and 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization; d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g: Provides [one of ] to [one of ] [one or more of "as needed"/" {{ insert: param, si-4_prm_6 }} "].

Control

Description

SI-4

The organization:

a: Monitors the information system to detect:
- 1: Attacks and indicators of potential attacks in accordance with [one of ]; and
- 2: Unauthorized local, network, and remote connections;

b: Identifies unauthorized use of the information system through [one of ];

c: Deploys monitoring devices:
- 1: Strategically within the information system to collect organization-determined essential information; and
- 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;

e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;

f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and

g: Provides [one of ] to [one of ] [one or more of "as needed"/" {{ insert: param, si-4_prm_6 }} "].