Navigate

SI-4 (16)

SI-4 (16): Correlate Monitoring Information

The organization correlates information from monitoring tools employed throughout the information system.

Supplemental

Correlating information from different monitoring tools can provide a more comprehensive view of information system activity. The correlation of monitoring tools that usually work in isolation (e.g., host monitoring, network monitoring, anti-virus software) can provide an organization-wide view and in so doing, may reveal otherwise unseen attack patterns. Understanding the capabilities/limitations of diverse monitoring tools and how to maximize the utility of information generated by those tools can help organizations to build, operate, and maintain effective monitoring programs.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4 (16).

Control	Description
AU-6	The organization: AU-6a.: Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and AU-6b.: Reports findings to [Assignment: organization-defined personnel or roles].

Enhancements

The controls below (if any) add on to the requirements of SI-4 (16).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4 (16).

CCI	Definition
CCI-001283	The organization correlates information from monitoring tools employed throughout the information system.