CCI-001274

Alert organization-defined personnel or roles using organization-defined automated mechanisms when inappropriate or unusual activities with security or privacy implications.

Implementation Guidance

The organization being inspected/assessed documents and implements automated mechanisms to alert security personnel when there are threats identified by authoritative sources (e.g. CTOs) and IAW with CJCSM 6510.01B. For automated alert mechanisms that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1274. DoD has defined the activities that trigger alerts as when there are threats identified by authoritative sources (e.g. CTOs) and IAW with CJCSM 6510.01B.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documentation of the use of the identified automated mechanisms used to alert security personnel when there are threats identified by authoritative sources (e.g. CTOs) and IAW with CJCSM 6510.01B. For automated alert mechanisms that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1274. The organization being inspected/assessed may be required to demonstrate use of their identified automated mechanisms. DoD has defined the activities that trigger alerts as when there are threats identified by authoritative sources (e.g. CTOs) and IAW with CJCSM 6510.01B.

Compelling Evidence

1.) Signed and dated system security plan documents automated mechanisms to alert security personnel when there are threats identified by authoritative sources (e.g. CTOs) and IAW with CJCSM 6510.01B. 2.) Applicable STIG/SRG checks pertaining to CCI 1274.

The controls below (if any) were marked by NIST as being related to CCI-001274.