>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-4 (19)System Monitoring | Risk for Individuals

High

>Control Description

Implement organization-defined additional monitoring of individuals who have been identified by organization-defined sources as posing an increased level of risk.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Indications of increased risk from individuals can be obtained from different sources, including personnel records, intelligence agencies, law enforcement organizations, and other sources. The monitoring of individuals is coordinated with the management, legal, security, privacy, and human resource officials who conduct such monitoring. Monitoring is conducted in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern risk for individuals?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to risk for individuals issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(19) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.