PE-6(2)

PE-6(2): Automated Intrusion Recognition / Responses

The organization employs automated mechanisms to recognize [one of ] and initiate [one of ].

Overlays
None

CSF Categories
None

The controls below (if any) were marked by NIST as being related to PE-6(2).

Control	Description
SI-4	The organization: a: Monitors the information system to detect: 1: Attacks and indicators of potential attacks in accordance with [one of ]; and 2: Unauthorized local, network, and remote connections; b: Identifies unauthorized use of the information system through [one of ]; c: Deploys monitoring devices: 1: Strategically within the information system to collect organization-determined essential information; and 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization; d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and g: Provides [one of ] to [one of ] [one or more of "as needed"/" {{ insert: param, si-4_prm_6 }} "].

Control

Description

a: Monitors the information system to detect:
- 1: Attacks and indicators of potential attacks in accordance with [one of ]; and
- 2: Unauthorized local, network, and remote connections;

c: Deploys monitoring devices:
- 1: Strategically within the information system to collect organization-determined essential information; and
- 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

d: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;

e: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;

f: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and

g: Provides [one of ] to [one of ] [one or more of "as needed"/" {{ insert: param, si-4_prm_6 }} "].

The controls below (if any) add on to the requirements of PE-6(2).

Control	Description
No controls

The CCIs below are tied to PE-6(2).

CCI	Definition
CCI-002942	Recognize organization-defined classes or types of intrusions, using organization-defined automated mechanisms.
CCI-002943	Defines the classes or types of intrusions to recognize using automated mechanisms.
CCI-002944	Initiate organization-defined response actions to organization-defined classes or types of intrusions, using organization-defined automated mechanisms.
CCI-002945	Defines the response actions to initiate when organization-defined classes or types of intrusions are recognized.