>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-4(21)System Monitoring | Probationary Periods

IL6

>Control Description

Implement the following additional monitoring of individuals during organization-defined probationary period: organization-defined additional monitoring.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

During probationary periods, employees do not have permanent employment status within organizations. Without such status or access to information that is resident on the system, additional monitoring can help identify any potentially malicious activity or inappropriate behavior.

>Related Controls

AC-18

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern probationary periods?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to probationary periods issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(21) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.