>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-4 (16)System Monitoring | Correlate Monitoring Information

Moderate
High

>Control Description

Correlate information from monitoring tools and mechanisms employed throughout the system.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Correlating information from different system monitoring tools and mechanisms can provide a more comprehensive view of system activity. Correlating system monitoring tools and mechanisms that typically work in isolation--including malicious code protection software, host monitoring, and network monitoring--can provide an organization-wide monitoring view and may reveal otherwise unseen attack patterns. Understanding the capabilities and limitations of diverse monitoring tools and mechanisms and how to maximize the use of information generated by those tools and mechanisms can help organizations develop, operate, and maintain effective monitoring programs.

The correlation of monitoring information is especially important during the transition from older to newer technologies (e.g., transitioning from IPv4 to IPv6 network protocols).

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern correlate monitoring information?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to correlate monitoring information issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(16) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.