>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

RA-10Threat Hunting

IL5
IL6

>Control Description

a

Establish and maintain a cyber threat hunting capability to:

1.

Search for indicators of compromise in organizational systems; and

2.

Detect, track, and disrupt threats that evade existing controls; and

b

Employ the threat hunting capability organization-defined frequency.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Threat hunting is an active means of cyber defense in contrast to traditional protection measures, such as firewalls, intrusion detection and prevention systems, quarantining malicious code in sandboxes, and Security Information and Event Management technologies and systems. Cyber threat hunting involves proactively searching organizational systems, networks, and infrastructure for advanced threats. The objective is to track and disrupt cyber adversaries as early as possible in the attack sequence and to measurably improve the speed and accuracy of organizational responses.

Indications of compromise include unusual network traffic, unusual file changes, and the presence of malicious code. Threat hunting teams leverage existing threat intelligence and may create new threat intelligence, which is shared with peer organizations, Information Sharing and Analysis Organizations (ISAO), Information Sharing and Analysis Centers (ISAC), and relevant government departments and agencies.

>Related Controls

CA-2
CA-7
CA-8
RA-3
RA-5
RA-6
SI-4

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your organization's documented risk assessment policy and how does it address the requirements of RA-10?
  • Who has been designated as responsible for conducting and maintaining risk assessments?
  • How frequently are risk assessments conducted and what triggers an update to the risk assessment?

Technical Implementation:

  • What methodology or framework do you use to conduct risk assessments?
  • How do you identify and categorize threats and vulnerabilities during the risk assessment process?
  • What tools or systems support your risk assessment activities?

Evidence & Documentation:

  • Can you provide the most recent risk assessment report?
  • What evidence demonstrates that risk assessment findings are communicated to appropriate stakeholders?
  • Where are risk assessment results documented and how long are they retained?

Ask AI

Configure your API key to use AI features.