SI-4(7)

SI-4(7): Automated Response to Suspicious Events

(a): Notify [incident response personnel (identified by name and/or by role) to be notified of detected suspicious events is/are defined;] of detected suspicious events; and

(b): Take the following actions upon detection: [least-disruptive actions to terminate suspicious events are defined;].

Least-disruptive actions include initiating requests for human responses.

Overlays
CDS - Access, CDS - Multilevel, CDS - Transfer, DAF Baseline, NC3

CSF Categories
None

The controls below (if any) were marked by NIST as being related to SI-4(7).

Control	Description
No controls

The controls below (if any) add on to the requirements of SI-4(7).

Control	Description
No controls

The CCIs below are tied to SI-4(7).

CCI	Definition
CCI-001266	Notify an organization-defined incident response personnel (identified by name and/or by role) of detected suspicious events.
CCI-001267	Defines incident response personnel (identified by name and/or by role) to be notified of detected suspicious events.
CCI-001268	Defines the least-disruptive actions to be taken by system to terminate suspicious events.
CCI-001670	Take organization-defined least-disruptive actions to terminate suspicious events.