Navigate

SI-4 (7)

SI-4 (7): Automated Response To Suspicious Events

The information system notifies [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events and takes [Assignment: organization-defined least-disruptive actions to terminate suspicious events].

Supplemental

Least-disruptive actions may include, for example, initiating requests for human responses.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SI-4 (7).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-4 (7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-4 (7).

CCI	Definition
CCI-001266	The information system notifies an organization-defined list of incident response personnel (identified by name and/or by role) of detected suspicious events.
CCI-001267	The organization defines a list of incident response personnel (identified by name and/or by role) to be notified of detected suspicious events.
CCI-001268	The organization defines a list of least-disruptive actions to be taken by the information system to terminate suspicious events.
CCI-001670	The information system takes organization-defined least-disruptive actions to terminate suspicious events.