Navigate

CCI-002669

CCI-002669 Definition

The organization uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and false negatives.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to use the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and false negatives. The organization must maintain an audit log of tuning events.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as audit logs of tuning events to ensure the organization being inspected/assessed uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and false negatives.

Compelling Evidence

1.) Signed and dated system security plan reference to section pertaining to the process to use the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and false negatives. 2.) Audit log of tuning events.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002669.

Control	Description
SI-4 (13)	The organization: SI-4 (13)(a): Analyzes communications traffic/event patterns for the information system; SI-4 (13)(b): Develops profiles representing common traffic patterns and/or events; and SI-4 (13)(c): Uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and the number of false negatives.