>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-4(20)System Monitoring | Privileged Users

IL4 High
IL5
IL6

>Control Description

Implement the following additional monitoring of privileged users: organization-defined additional monitoring.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Privileged users have access to more sensitive information, including security-related information, than the general user population. Access to such information means that privileged users can potentially do greater damage to systems and organizations than non-privileged users. Therefore, implementing additional monitoring on privileged users helps to ensure that organizations can identify malicious activity at the earliest possible time and take appropriate actions.

>Related Controls

AC-18

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern privileged users?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to privileged users issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(20) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.