Navigate

CCI-004654

CCI-004654 Definition

Defines the frequency for employing the threat hunting capability.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if the threat hunting capability is employed [RA-10_ODP; the frequency at which to employ the threat hunting capability is defined].

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; assessment reports; audit records/event logs; threat hunting capability; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with threat hunting responsibilities; system/network administrators; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for assessments and audits; mechanisms/tools supporting and/or implementing threat hunting capabilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-004654.

Control	Description
RA-10	a: Establish and maintain a cyber threat hunting capability to: 1: Search for indicators of compromise in organizational systems; and 2: Detect, track, and disrupt threats that evade existing controls; and b: Employ the threat hunting capability [the frequency at which to employ the threat hunting capability is defined;].