CCI-004652
CCI-004652 Definition
Establish and maintain a cyber threat hunting capability to detect, track, and disrupt threats that evade existing controls.
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if a cyber threat capability is established and maintained to detect, track, and disrupt threats that evade existing controls.
Validation Procedures
Examine: [SELECT FROM: Risk assessment policy; assessment reports; audit records/event logs; threat hunting capability; system security plan; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with threat hunting responsibilities; system/network administrators; organizational personnel with security responsibilities].
Test: [SELECT FROM: Organizational processes for assessments and audits; mechanisms/tools supporting and/or implementing threat hunting capabilities].