SI-4(7)

SI-4(7): Automated Response to Suspicious Events

The information system notifies [one of ] of detected suspicious events and takes [one of ].

Least-disruptive actions may include, for example, initiating requests for human responses.

Overlays
None

CSF Categories
None

The controls below (if any) were marked by NIST as being related to SI-4(7).

Control	Description
No controls

The controls below (if any) add on to the requirements of SI-4(7).

Control	Description
No controls

The CCIs below are tied to SI-4(7).

CCI	Definition
CCI-001266	Notify an organization-defined incident response personnel (identified by name and/or by role) of detected suspicious events.
CCI-001267	Defines incident response personnel (identified by name and/or by role) to be notified of detected suspicious events.
CCI-001268	Defines the least-disruptive actions to be taken by system to terminate suspicious events.
CCI-001670	Take organization-defined least-disruptive actions to terminate suspicious events.