SI.L2-3.14.7—Identify Unauthorized Use
Level 2
800-171: 3.14.7
Control Description
Identify unauthorized use of organizational systems.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for identifying unauthorized system use?
- What tools and processes do you use to detect unauthorized use?
- Who reviews logs and alerts for unauthorized activity?
- What is your process for investigating suspected unauthorized use?
- How do you respond to confirmed unauthorized use?
Technical Implementation:
- What user behavior analytics (UBA) detect unauthorized use?
- What monitoring tools identify anomalous activity?
- What baseline profiling identifies deviations?
- What DLP detects unauthorized data access or exfiltration?
- What alerting notifies of suspected unauthorized use?
- What correlation rules identify unauthorized patterns?
Evidence & Documentation:
- What patch management reports show timely patching?
- What anti-malware deployment and update reports can you provide?
- What malware scan reports and logs can you show?
- What security monitoring reports demonstrate monitoring is occurring?
- What security alert tracking shows alerts are reviewed and acted upon?
- What incident detection logs demonstrate security monitoring?
- What patch testing procedures can you provide?