
SI-4(5) System Monitoring | System-generated Alerts

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Alert organization-defined personnel or roles when the following system-generated indications of compromise or potential compromise occur: organization-defined compromise indicators.

>DoD Impact Level Requirements

Additional Requirements and Guidance

SI-4 (5) Guidance: In accordance with the incident response plan.

>Discussion

Alerts may be generated from a variety of sources, including audit records or inputs from malicious code protection mechanisms, intrusion detection or prevention mechanisms, or boundary protection devices such as firewalls, gateways, and routers. Alerts can be automated and may be transmitted telephonically, by electronic mail messages, or by text messaging. Organizational personnel on the alert notification list can include system administrators, mission or business owners, system owners, information owners/stewards, senior agency information security officers, senior agency officials for privacy, system security officers, or privacy officers.

In contrast to alerts generated by the system, alerts generated by organizations in SI-4(12) focus on information sources external to the system, such as suspicious activity reports and reports on potential insider threats.

>Programmatic Queries


Related Services

Amazon CloudWatch
AWS SNS
Amazon EventBridge

CLI Commands

Create CloudWatch alarm for system alerts:
  aws cloudwatch put-metric-alarm --alarm-name high-cpu-alert --alarm-description 'Alert on high CPU' --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 80 --comparison-operator GreaterThanThreshold --evaluation-periods 2 --alarm-actions arn:aws:sns:us-east-1:123456789012:MySNSTopic
List active alarms:
  aws cloudwatch describe-alarms --state-value ALARM
Create EventBridge rule for system events:
  aws events put-rule --name security-event-rule --event-pattern '{"source":["aws.ec2"],"detail-type":["EC2 Instance State-change Notification"]}'
Configure SNS topic for alert delivery:
  aws sns create-topic --name security-alerts
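As an added example (not code from this page or from AWS), the following Python routine applies EventBridge-style pattern matching, the same semantics as the --event-pattern given above, to incoming events and maps matched, organization-defined compromise indicators to the personnel roles the Discussion names. The indicator table, role names and sample events are assumptions standing in for an organization's incident response plan.

```python
"""Route system-generated alerts to organization-defined roles (SI-4(5))."""
import json

# Hypothetical organization-defined indicators, written as EventBridge-style patterns,
# each mapped to the roles the incident response plan says must be alerted.
# Pattern semantics follow EventBridge: every key in the pattern must exist in the
# event, scalar values must be in the listed set, nested dicts are matched recursively.
INDICATOR_ROUTES = [
    {"name": "ec2-state-change",
     "pattern": {"source": ["aws.ec2"],
                 "detail-type": ["EC2 Instance State-change Notification"]},
     "roles": ["system administrator", "system security officer"]},
    {"name": "cloudwatch-alarm",
     "pattern": {"source": ["aws.cloudwatch"],
                 "detail-type": ["CloudWatch Alarm State Change"],
                 "detail": {"state": {"value": ["ALARM"]}}},
     "roles": ["system security officer", "incident response lead"]},
]


def matches(pattern, event):
    """True if every pattern key is present in the event with an allowed value."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches(allowed, event[key]):
                return False
        elif event[key] not in allowed:
            return False
    return True


def route_alert(event):
    """Return the roles to notify for one event, deduplicated, in route order."""
    roles = []
    for route in INDICATOR_ROUTES:
        if matches(route["pattern"], event):
            roles.extend(r for r in route["roles"] if r not in roles)
    return roles


# Constructed sample events shaped like EventBridge notifications (no real identifiers).
ALARM_EVENT = json.loads('{"source": "aws.cloudwatch", "detail-type": "CloudWatch Alarm State Change",'
                        ' "detail": {"alarmName": "high-cpu-alert", "state": {"value": "ALARM"}}}')
RECOVERED_EVENT = json.loads('{"source": "aws.cloudwatch", "detail-type": "CloudWatch Alarm State Change",'
                            ' "detail": {"alarmName": "high-cpu-alert", "state": {"value": "OK"}}}')
EC2_EVENT = json.loads('{"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",'
                      ' "detail": {"state": "stopped"}}')

if __name__ == "__main__":
    for name, ev in [("alarm", ALARM_EVENT), ("recovered", RECOVERED_EVENT), ("ec2", EC2_EVENT)]:
        print(name, "->", route_alert(ev))
```

An alarm returning to OK matches no indicator and produces no notification, which is the behaviour an assessor would expect to see distinguished from the ALARM transition.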

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern system-generated alerts?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect the conditions that trigger system-generated alerts and respond to them?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(5) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
