CCI-002689

Implementation Guidance

Determine if: - indicators of compromise provided by [SI-04(24)_ODP[01]; sources that provide indicators of compromise are defined] are discovered. - indicators of compromise provided by [SI-04(24)_ODP[01]; sources that provide indicators of compromise are defined] are collected. - indicators of compromise provided by [SI-04(24)_ODP[01]; sources that provide indicators of compromise are defined] are distributed to [SI-04(24)_ODP[02]; personnel or roles to whom indicators of compromise are to be distributed is/are defined].

Validation Procedures

"Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing system monitoring; system design documentation; system monitoring tools and techniques documentation; system configuration settings and associated documentation; system monitoring logs or records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for monitoring system hosts]. Test: [SELECT FROM: Organizational processes for system monitoring; organizational processes for the discovery, collection, distribution, and use of indicators of compromise; mechanisms supporting and/or implementing a system monitoring capability; mechanisms supporting and/or implementing the discovery, collection, distribution, and use of indicators of compromise]."